| Source: C:\Windows\System32\loaddll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\loaddll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\loaddll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\loaddll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83EAC9 second address: 000000006C83EEF8 instructions: 0x00000000 rdtsc 0x00000002 mov dl, F2h 0x00000004 bswap ecx 0x00000006 call 00007FD448BF556Ah 0x0000000b jmp 00007FD448BF55BBh 0x0000000d lea ebx, dword ptr [ebx+55h] 0x00000010 lea ecx, dword ptr [00000000h+ebx*4] 0x00000017 bsr bp, cx 0x0000001b rcl ecx, 19h 0x0000001e xchg dword ptr [esp+04h], ebx 0x00000022 jmp 00007FD448BF59EBh 0x00000027 mov al, F1h 0x00000029 rcl bx, 1 0x0000002c inc bx 0x0000002e sub esp, 1Eh 0x00000031 ror ax, 0002h 0x00000035 lea esp, dword ptr [esp+02h] 0x00000039 jmp 00007FD448BF5550h 0x0000003b push dword ptr [esp+20h] 0x0000003f retn 0024h 0x00000042 lea edi, dword ptr [esp+0Ch] 0x00000046 mov dl, byte ptr [esp] 0x00000049 jmp 00007FD448BF59FAh 0x0000004e sub esp, 000000B4h 0x00000054 mov ebp, esp 0x00000056 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B709 second address: 000000006C84B85B instructions: 0x00000000 rdtsc 0x00000002 mov ah, byte ptr [esp] 0x00000005 jmp 00007FD448BFA10Dh 0x00000007 mov dh, byte ptr [esp] 0x0000000a jmp 00007FD448BFA120h 0x0000000c mov ecx, edi 0x0000000e mov esi, dword ptr [ecx] 0x00000010 bsf ecx, ecx 0x00000013 jnp 00007FD448BFA0D3h 0x00000015 jmp 00007FD448BFA185h 0x0000001a mov al, 96h 0x0000001c xchg edx, ecx 0x0000001e add edi, 04h 0x00000021 jmp 00007FD448BFA0A9h 0x00000023 btc edx, esi 0x00000026 je 00007FD448BFA0D7h 0x00000028 bsr eax, edi 0x0000002b setnl dh 0x0000002e jmp 00007FD448BFA10Ch 0x00000030 push ebp 0x00000031 lea ecx, dword ptr [ecx+esi] 0x00000034 call 00007FD448BFA0D2h 0x00000039 mov ch, byte ptr [esp] 0x0000003c push esi 0x0000003d jmp 00007FD448BFA172h 0x00000042 and ebp, esi 0x00000044 jns 00007FD448BFA0BEh 0x00000046 mov cx, word ptr [esp] 0x0000004a mov cl, byte ptr [esp] 0x0000004d jmp 00007FD448BFA0CFh 0x0000004f dec ax 0x00000051 push edi 0x00000052 mov dx, 9280h 0x00000056 mov dx, B8F4h 0x0000005a jmp 00007FD448BFA108h 0x0000005c mov bp, word ptr [esp] 0x00000060 sbb ax, bp 0x00000063 jmp 00007FD448BFA139h 0x00000065 jnc 00007FD448BFA0ADh 0x00000067 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B85B second address: 000000006C84B903 instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [eax+ebx] 0x00000005 jmp 00007FD448BF556Fh 0x00000007 cmp eax, 9DA45E12h 0x0000000c push si 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 jmp 00007FD448BF55BEh 0x00000014 pop esi 0x00000015 mov al, dl 0x00000017 mov al, dl 0x00000019 clc 0x0000001a jnp 00007FD448BF5574h 0x0000001c jmp 00007FD448BF5624h 0x00000021 pop ebp 0x00000022 mov ch, 2Fh 0x00000024 mov ax, BE00h 0x00000028 or eax, ebx 0x0000002a jnle 00007FD448BF5551h 0x0000002c jle 00007FD448BF5539h 0x0000002e add esp, 04h 0x00000031 jnbe 00007FD448BF55BBh 0x00000033 pushfd 0x00000034 mov cx, word ptr [esp+02h] 0x00000039 jmp 00007FD448BF5574h 0x0000003b lea edi, dword ptr [ecx+ebx] 0x0000003e mov edi, dword ptr [esp+04h] 0x00000042 mov edx, 6C4C3A78h 0x00000047 push dx 0x00000049 jmp 00007FD448BF55A0h 0x0000004b lea esp, dword ptr [esp+02h] 0x0000004f lea esp, dword ptr [esp+08h] 0x00000053 call 00007FD448BF55C1h 0x00000058 mov ax, dx 0x0000005b mov cl, B9h 0x0000005d bt dx, bx 0x00000061 xchg dword ptr [esp], ecx 0x00000064 jmp 00007FD448BF556Eh 0x00000066 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B903 second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 sub edx, eax 0x00000004 mov ax, bx 0x00000007 add dx, dx 0x0000000a mov ah, E4h 0x0000000c jmp 00007FD448BFA108h 0x0000000e lea ecx, dword ptr [ecx-0000ED1Ch] 0x00000014 mov dx, AE09h 0x00000018 mov eax, dword ptr [esp] 0x0000001b btc ax, si 0x0000001f call 00007FD448BFA3ADh 0x00000024 xchg dword ptr [esp+04h], ecx 0x00000028 mov ch, byte ptr [esp] 0x0000002b jmp 00007FD448BF9F23h 0x00000030 sub esp, 16h 0x00000033 mov ax, word ptr [esp+07h] 0x00000038 mov ecx, dword ptr [esp+12h] 0x0000003c add esp, 07h 0x0000003f lea esp, dword ptr [esp+03h] 0x00000043 push dword ptr [esp+10h] 0x00000047 retn 0014h 0x0000004a mov ebx, ebp 0x0000004c lea eax, dword ptr [esp+ecx] 0x0000004f setle ah 0x00000052 sets dl 0x00000055 call 00007FD448BFA0CFh 0x0000005a xchg cl, ch 0x0000005c pushad 0x0000005d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBBE second address: 000000006C83CBE2 instructions: 0x00000000 rdtsc 0x00000002 mov al, bh 0x00000004 xchg dword ptr [esp+20h], esi 0x00000008 jmp 00007FD448BF55ACh 0x0000000a rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBE2 second address: 000000006C83CCAF instructions: 0x00000000 rdtsc 0x00000002 xchg ecx, edx 0x00000004 mov ax, word ptr [esp] 0x00000008 mov edx, B68AAC39h 0x0000000d lea esi, dword ptr [esi-00000052h] 0x00000013 xchg eax, edx 0x00000014 jmp 00007FD448BFA113h 0x00000016 mov edx, ecx 0x00000018 lea eax, dword ptr [00000000h+edi*4] 0x0000001f mov dx, 208Bh 0x00000023 xchg dword ptr [esp+20h], esi 0x00000027 mov cl, ch 0x00000029 xchg dx, ax 0x0000002c jmp 00007FD448BFA0C3h 0x0000002e xchg dx, ax 0x00000031 mov ecx, dword ptr [esp] 0x00000034 push dword ptr [esp+20h] 0x00000038 retn 0024h 0x0000003b mov eax, 12F33EA2h 0x00000040 xor cl, 00000044h 0x00000043 jnl 00007FD448BFA1D0h 0x00000049 jl 00007FD448BFA1ACh 0x0000004f pushfd 0x00000050 mov dx, cx 0x00000053 mov dh, 56h 0x00000055 jmp 00007FD448BFA161h 0x00000057 lea eax, dword ptr [ebx-03h] 0x0000005a lea ecx, dword ptr [ecx-0F5291AAh] 0x00000060 jmp 00007FD448BFA09Dh 0x00000062 lea esp, dword ptr [esp+04h] 0x00000066 sub ebp, 1284C013h 0x0000006c call 00007FD448BFA10Ch 0x00000071 mov ecx, dword ptr [esp] 0x00000074 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CCAF second address: 000000006C83CC9D instructions: 0x00000000 rdtsc 0x00000002 neg al 0x00000004 neg al 0x00000006 push sp 0x00000008 jmp 00007FD448BF556Fh 0x0000000a lea esp, dword ptr [esp+02h] 0x0000000e xchg dword ptr [esp], ebx 0x00000011 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CC9D second address: 000000006C83CCC5 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 93656786h 0x00000007 jmp 00007FD448BFA105h 0x00000009 mov edx, dword ptr [esp] 0x0000000c lea ebx, dword ptr [ebx-00000034h] 0x00000012 shr eax, 0Ch 0x00000015 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CE39 second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF554Fh 0x00000004 xor ebp, 2D4823BBh 0x0000000a mov ah, byte ptr [esp] 0x0000000d clc 0x0000000e je 00007FD448BF5570h 0x00000010 jne 00007FD448BF559Ah 0x00000012 mov eax, 09013DC9h 0x00000017 sub esp, 19h 0x0000001a lea esp, dword ptr [esp+01h] 0x0000001e jmp 00007FD448BF5616h 0x00000023 add ebp, dword ptr [esi] 0x00000025 lea eax, dword ptr [00000000h+edx*4] 0x0000002c xchg ch, cl 0x0000002e jmp 00007FD448BF553Dh 0x00000030 movzx ecx, byte ptr [ebp+00h] 0x00000034 jmp 00007FD448BF556Fh 0x00000036 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CE3D second address: 000000006C83CEB5 instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 jnbe 00007FD448BFA126h 0x00000005 not ax 0x00000008 call 00007FD448BFA0D7h 0x0000000d mov ax, di 0x00000010 jmp 00007FD448BFA10Bh 0x00000012 mov edx, dword ptr [esp] 0x00000015 add esp, 02h 0x00000018 jmp 00007FD448BFA14Dh 0x0000001a jnle 00007FD448BFA099h 0x0000001c mov dl, dh 0x0000001e mov dh, byte ptr [esp+01h] 0x00000022 call 00007FD448BFA129h 0x00000027 lea esp, dword ptr [esp+02h] 0x0000002b jmp 00007FD448BFA0D6h 0x0000002d add cl, bl 0x0000002f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83D042 second address: 000000006C83D0C7 instructions: 0x00000000 rdtsc 0x00000002 btr eax, ebp 0x00000005 jnp 00007FD448BF55D9h 0x00000007 mov dx, word ptr [esp] 0x0000000b jmp 00007FD448BF55C2h 0x0000000d inc ebp 0x0000000e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83DC6E second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 and cx, si 0x00000005 jnc 00007FD448BFA11Eh 0x00000007 jmp 00007FD448BFA0DAh 0x00000009 mov dx, word ptr [esp] 0x0000000d jmp 00007FD448BFA118h 0x0000000f sub esp, 02h 0x00000012 jne 00007FD448BFA131h 0x00000014 lea eax, dword ptr [esp+edi] 0x00000017 lea esp, dword ptr [esp+02h] 0x0000001b jmp 00007FD448BFA124h 0x0000001d lea eax, dword ptr [edi+50h] 0x00000020 xchg dx, cx 0x00000023 stc 0x00000024 jc 00007FD448BFA078h 0x00000026 push di 0x00000028 lea esp, dword ptr [esp+02h] 0x0000002c jmp 00007FD448BFA166h 0x0000002e cmp esi, eax 0x00000030 jmp 00007FD448BFA22Bh 0x00000035 jl 00007FD448BF9FBBh 0x0000003b jnl 00007FD448BF9FB5h 0x00000041 ja 00007FD448BF9201h 0x00000047 movzx ecx, byte ptr [ebp+00h] 0x0000004b jmp 00007FD448BFA0CFh 0x0000004d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84DBDC second address: 000000006C84DDC5 instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 stc 0x00000004 jnc 00007FD448BF5552h 0x00000006 shl bp, cl 0x00000009 jmp 00007FD448BF5631h 0x0000000e push esi 0x0000000f xchg bp, ax 0x00000012 pushfd 0x00000013 jmp 00007FD448BF5547h 0x00000015 inc bp 0x00000017 jnc 00007FD448BF556Ah 0x00000019 jc 00007FD448BF5568h 0x0000001b push edi 0x0000001c xchg dh, dl 0x0000001e xchg dl, cl 0x00000020 jmp 00007FD448BF5575h 0x00000022 sub esp, 00000000h 0x00000025 jbe 00007FD448BF55AAh 0x00000027 mov ecx, dword ptr [esp] 0x0000002a lea edx, dword ptr [esi+esi] 0x0000002d add dx, bx 0x00000030 jmp 00007FD448BF55DBh 0x00000032 pop ebp 0x00000033 sub esp, 03h 0x00000036 jbe 00007FD448BF5573h 0x00000038 rol esi, cl 0x0000003a add esp, 01h 0x0000003d lea esp, dword ptr [esp+02h] 0x00000041 jmp 00007FD448BF5759h 0x00000046 add esp, 04h 0x00000049 jno 00007FD448BF5518h 0x0000004b pop edi 0x0000004c rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848B7C second address: 000000006C848BB9 instructions: 0x00000000 rdtsc 0x00000002 lea ecx, dword ptr [00000000h+esi*4] 0x00000009 neg cx 0x0000000c jmp 00007FD448BFA11Eh 0x0000000e lea eax, dword ptr [eax+ecx] 0x00000011 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848BB9 second address: 000000006C848B0F instructions: 0x00000000 rdtsc 0x00000002 push dword ptr [esp+04h] 0x00000006 retn 0008h 0x00000009 sub ebp, 04h 0x0000000c rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848B0F second address: 000000006C848C6A instructions: 0x00000000 rdtsc 0x00000002 xchg dh, ch 0x00000004 jmp 00007FD448BFA28Dh 0x00000009 not eax 0x0000000b not ax 0x0000000e mov edx, edi 0x00000010 mov ecx, dword ptr [edx] 0x00000012 jmp 00007FD448BFA09Fh 0x00000014 mov eax, edx 0x00000016 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848C6A second address: 000000006C848C3A instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 jne 00007FD448BF555Dh 0x00000005 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C849089 second address: 000000006C84907A instructions: 0x00000000 rdtsc 0x00000002 pop eax 0x00000003 lea esi, dword ptr [esi-00000153h] 0x00000009 mov dh, BBh 0x0000000b mov dh, byte ptr [esp] 0x0000000e jmp 00007FD448BFA0BFh 0x00000010 mov eax, 75B25F11h 0x00000015 lea edx, dword ptr [00000000h+eax*4] 0x0000001c xchg dword ptr [esp+10h], esi 0x00000020 push edi 0x00000021 mov byte ptr [esp], al 0x00000024 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8534FB second address: 000000006C85353D instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 call 00007FD448BF5573h 0x00000008 push esp 0x00000009 mov esi, dword ptr [esp+03h] 0x0000000d bswap eax 0x0000000f mov byte ptr [esp+01h], cl 0x00000013 mov word ptr [esp+01h], sp 0x00000018 jmp 00007FD448BF55B9h 0x0000001a xchg dword ptr [esp+04h], ebp 0x0000001e pushad 0x0000001f inc cx 0x00000021 bsf di, bx 0x00000025 pop esi 0x00000026 clc 0x00000027 jmp 00007FD448BF556Dh 0x00000029 lea ebp, dword ptr [ebp-0000003Ch] 0x0000002f mov cl, dl 0x00000031 bsr edi, ecx 0x00000034 cmc 0x00000035 cmc 0x00000036 jmp 00007FD448BF55DDh 0x00000038 xchg dword ptr [esp+20h], ebp 0x0000003c inc cl 0x0000003e cmc 0x0000003f setne dh 0x00000042 lea edi, dword ptr [ecx+ebp] 0x00000045 push dword ptr [esp+20h] 0x00000049 retn 0024h 0x0000004c bswap edx 0x0000004e jmp 00007FD448BF5604h 0x00000050 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C85353D second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 lea edx, dword ptr [ecx+000000CFh] 0x00000008 mov cl, ch 0x0000000a mov al, 0Ch 0x0000000c mov esi, eax 0x0000000e sub esp, 0Bh 0x00000011 jmp 00007FD448BFA114h 0x00000013 jle 00007FD448BFA110h 0x00000015 mov al, ah 0x00000017 lea esp, dword ptr [esp+03h] 0x0000001b jmp 00007FD448BFA10Eh 0x0000001d jmp 00007FD448BFA0D4h 0x0000001f add esp, 08h 0x00000022 jo 00007FD448BFA121h 0x00000024 jno 00007FD448BFA11Fh 0x00000026 pop esi 0x00000027 xchg ch, al 0x00000029 pushfd 0x0000002a jmp 00007FD448BFA0D6h 0x0000002c mov cl, 90h 0x0000002e bswap edx 0x00000030 jmp 00007FD448BFA108h 0x00000032 add esp, 04h 0x00000035 jmp 00007FD448BFA20Eh 0x0000003a jne 00007FD448BF9FD8h 0x00000040 pop ebp 0x00000041 mov di, word ptr [esp] 0x00000045 xchg ah, al 0x00000047 mov ah, 7Dh 0x00000049 jmp 00007FD448BFA1ACh 0x0000004e bsr ax, bp 0x00000052 jnbe 00007FD448BFA07Ch 0x00000054 pop edi 0x00000055 jmp 00007FD448BE36ACh 0x0000005a mov ebx, ebp 0x0000005c lea eax, dword ptr [esp+ecx] 0x0000005f setle ah 0x00000062 sets dl 0x00000065 call 00007FD448BFA0CFh 0x0000006a xchg cl, ch 0x0000006c pushad 0x0000006d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84BA9C second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [esp] 0x00000005 jmp 00007FD448BE6949h 0x0000000a movzx ecx, byte ptr [ebp+00h] 0x0000000e jmp 00007FD448BF556Fh 0x00000010 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C851465 second address: 000000006C85146C instructions: 0x00000000 rdtsc 0x00000002 not ah 0x00000004 ror cl, 00000000h 0x00000007 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C853196 second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 stc 0x00000003 jmp 00007FD448BF56B8h 0x00000008 jo 00007FD448BF546Eh 0x0000000e mov edx, 4C97B051h 0x00000013 neg edx 0x00000015 jmp 00007FD448BF5513h 0x00000017 mov eax, dword ptr [esi] 0x0000001a setnl dh 0x0000001d jmp 00007FD448BF55ACh 0x0000001f mov dh, cl 0x00000021 call 00007FD448BF5574h 0x00000026 sub esi, 04h 0x00000029 mov edx, esi 0x0000002b lea edx, dword ptr [esp+esi] 0x0000002e pushfd 0x0000002f jmp 00007FD448BF55BEh 0x00000031 btc ecx, ecx 0x00000034 jle 00007FD448BF5577h 0x00000036 jnle 00007FD448BF5575h 0x00000038 mov dword ptr [esi], eax 0x0000003a lea ecx, dword ptr [ebp+00003F07h] 0x00000040 bts cx, bx 0x00000044 jmp 00007FD448BF5619h 0x00000049 jc 00007FD448BF5518h 0x0000004b xchg dh, cl 0x0000004d mov dx, FA48h 0x00000051 jmp 00007FD448BF3B3Ch 0x00000056 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C851BCB second address: 000000006C851E93 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 11h 0x00000005 mov word ptr [esp+07h], ax 0x0000000a inc dx 0x0000000c jmp 00007FD448BFA10Dh 0x0000000e lea esp, dword ptr [esp+01h] 0x00000012 lea edi, dword ptr [edi-0000002Bh] 0x00000018 bswap edx 0x0000001a adc edx, ecx 0x0000001c dec dh 0x0000001e setb ah 0x00000021 jmp 00007FD448BFA73Fh 0x00000026 xchg dword ptr [esp+10h], edi 0x0000002a bsr eax, ecx 0x0000002d sub eax, esi 0x0000002f push dword ptr [esp+10h] 0x00000033 retn 0014h 0x00000036 mov edx, eax 0x00000038 mov eax, ebp 0x0000003a btr eax, ebp 0x0000003d jmp 00007FD448BFA500h 0x00000042 jl 00007FD448BFA28Ah 0x00000048 mov eax, esi 0x0000004a inc cl 0x0000004c bsr dx, ax 0x00000050 jmp 00007FD448BF9D49h 0x00000055 jnp 00007FD448BFA1CEh 0x0000005b mov edx, dword ptr [esp] 0x0000005e xchg eax, edx 0x0000005f jmp 00007FD448BF9FD1h 0x00000064 bsf edx, ebp 0x00000067 jmp 00007FD448BFA2E7h 0x0000006c pushad 0x0000006d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C85345B second address: 000000006C8534FB instructions: 0x00000000 rdtsc 0x00000002 mov ch, bh 0x00000004 stc 0x00000005 mov eax, dword ptr [esp] 0x00000008 jmp 00007FD448BF55A9h 0x0000000a mov dl, E0h 0x0000000c push dword ptr [esp+18h] 0x00000010 retn 001Ch 0x00000013 mov edi, dword ptr [ebp+00h] 0x00000016 lea eax, dword ptr [edx+ebx] 0x00000019 setnle cl 0x0000001c mov eax, B0A52D3Ah 0x00000021 jmp 00007FD448BF5779h 0x00000026 push bx 0x00000028 lea esp, dword ptr [esp+02h] 0x0000002c add ebp, 04h 0x0000002f mov dx, word ptr [esp] 0x00000033 mov ecx, edx 0x00000035 jmp 00007FD448BF54D5h 0x0000003a push esi 0x0000003b neg ah 0x0000003d jnle 00007FD448BF5537h 0x0000003f not ch 0x00000041 cmc 0x00000042 jmp 00007FD448BF5512h 0x00000044 push edi 0x00000045 neg ecx 0x00000047 jne 00007FD448BF5576h 0x00000049 jmp 00007FD448BF55E4h 0x0000004b clc 0x0000004c rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C85345B second address: 000000006C8534FB instructions: 0x00000000 rdtsc 0x00000002 mov ch, bh 0x00000004 stc 0x00000005 mov eax, dword ptr [esp] 0x00000008 jmp 00007FD448BFA109h 0x0000000a mov dl, E0h 0x0000000c push dword ptr [esp+18h] 0x00000010 retn 001Ch 0x00000013 mov edi, dword ptr [ebp+00h] 0x00000016 lea eax, dword ptr [edx+ebx] 0x00000019 setnle cl 0x0000001c mov eax, B0A52D3Ah 0x00000021 jmp 00007FD448BFA2D9h 0x00000026 push bx 0x00000028 lea esp, dword ptr [esp+02h] 0x0000002c add ebp, 04h 0x0000002f mov dx, word ptr [esp] 0x00000033 mov ecx, edx 0x00000035 jmp 00007FD448BFA035h 0x0000003a push esi 0x0000003b neg ah 0x0000003d jnle 00007FD448BFA097h 0x0000003f not ch 0x00000041 cmc 0x00000042 jmp 00007FD448BFA072h 0x00000044 push edi 0x00000045 neg ecx 0x00000047 jne 00007FD448BFA0D6h 0x00000049 jmp 00007FD448BFA144h 0x0000004b clc 0x0000004c rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84AD3A second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [00000000h+ebx*4] 0x00000009 mov ecx, D5B43DB6h 0x0000000e jmp 00007FD448BE7419h 0x00000013 mov ebx, ebp 0x00000015 lea eax, dword ptr [esp+ecx] 0x00000018 setle ah 0x0000001b sets dl 0x0000001e call 00007FD448BF556Fh 0x00000023 xchg cl, ch 0x00000025 pushad 0x00000026 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84AD3A second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [00000000h+ebx*4] 0x00000009 mov ecx, D5B43DB6h 0x0000000e jmp 00007FD448BEBF79h 0x00000013 mov ebx, ebp 0x00000015 lea eax, dword ptr [esp+ecx] 0x00000018 setle ah 0x0000001b sets dl 0x0000001e call 00007FD448BFA0CFh 0x00000023 xchg cl, ch 0x00000025 pushad 0x00000026 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C85457D second address: 000000006C85457F instructions: 0x00000000 rdtsc 0x00000002 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84E1D1 second address: 000000006C84E3D9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 xchg word ptr [esp], ax 0x00000007 lea ecx, dword ptr [ecx+esi] 0x0000000a xchg dword ptr [esp+04h], esi 0x0000000e jmp 00007FD448BF5596h 0x00000010 cmc 0x00000011 neg al 0x00000013 dec cx 0x00000015 lea ecx, dword ptr [00000000h+edi*4] 0x0000001c mov eax, 63E4BEA4h 0x00000021 jmp 00007FD448BF5770h 0x00000026 lea esi, dword ptr [esi+2Ah] 0x00000029 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8621EC second address: 000000006C8621EE instructions: 0x00000000 rdtsc 0x00000002 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83EAC9 second address: 000000006C83EEF8 instructions: 0x00000000 rdtsc 0x00000002 mov dl, F2h 0x00000004 bswap ecx 0x00000006 call 00007FD448BFA0CAh 0x0000000b jmp 00007FD448BFA11Bh 0x0000000d lea ebx, dword ptr [ebx+55h] 0x00000010 lea ecx, dword ptr [00000000h+ebx*4] 0x00000017 bsr bp, cx 0x0000001b rcl ecx, 19h 0x0000001e xchg dword ptr [esp+04h], ebx 0x00000022 jmp 00007FD448BFA54Bh 0x00000027 mov al, F1h 0x00000029 rcl bx, 1 0x0000002c inc bx 0x0000002e sub esp, 1Eh 0x00000031 ror ax, 0002h 0x00000035 lea esp, dword ptr [esp+02h] 0x00000039 jmp 00007FD448BFA0B0h 0x0000003b push dword ptr [esp+20h] 0x0000003f retn 0024h 0x00000042 lea edi, dword ptr [esp+0Ch] 0x00000046 mov dl, byte ptr [esp] 0x00000049 jmp 00007FD448BFA55Ah 0x0000004e sub esp, 000000B4h 0x00000054 mov ebp, esp 0x00000056 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B709 second address: 000000006C84B85B instructions: 0x00000000 rdtsc 0x00000002 mov ah, byte ptr [esp] 0x00000005 jmp 00007FD448BF55ADh 0x00000007 mov dh, byte ptr [esp] 0x0000000a jmp 00007FD448BF55C0h 0x0000000c mov ecx, edi 0x0000000e mov esi, dword ptr [ecx] 0x00000010 bsf ecx, ecx 0x00000013 jnp 00007FD448BF5573h 0x00000015 jmp 00007FD448BF5625h 0x0000001a mov al, 96h 0x0000001c xchg edx, ecx 0x0000001e add edi, 04h 0x00000021 jmp 00007FD448BF5549h 0x00000023 btc edx, esi 0x00000026 je 00007FD448BF5577h 0x00000028 bsr eax, edi 0x0000002b setnl dh 0x0000002e jmp 00007FD448BF55ACh 0x00000030 push ebp 0x00000031 lea ecx, dword ptr [ecx+esi] 0x00000034 call 00007FD448BF5572h 0x00000039 mov ch, byte ptr [esp] 0x0000003c push esi 0x0000003d jmp 00007FD448BF5612h 0x00000042 and ebp, esi 0x00000044 jns 00007FD448BF555Eh 0x00000046 mov cx, word ptr [esp] 0x0000004a mov cl, byte ptr [esp] 0x0000004d jmp 00007FD448BF556Fh 0x0000004f dec ax 0x00000051 push edi 0x00000052 mov dx, 9280h 0x00000056 mov dx, B8F4h 0x0000005a jmp 00007FD448BF55A8h 0x0000005c mov bp, word ptr [esp] 0x00000060 sbb ax, bp 0x00000063 jmp 00007FD448BF55D9h 0x00000065 jnc 00007FD448BF554Dh 0x00000067 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B85B second address: 000000006C84B903 instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [eax+ebx] 0x00000005 jmp 00007FD448BFA0CFh 0x00000007 cmp eax, 9DA45E12h 0x0000000c push si 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 jmp 00007FD448BFA11Eh 0x00000014 pop esi 0x00000015 mov al, dl 0x00000017 mov al, dl 0x00000019 clc 0x0000001a jnp 00007FD448BFA0D4h 0x0000001c jp 00007FD448BFA166h 0x0000001e pop ebp 0x0000001f mov ch, 2Fh 0x00000021 mov ax, BE00h 0x00000025 or eax, ebx 0x00000027 jnle 00007FD448BFA0B1h 0x00000029 jle 00007FD448BFA099h 0x0000002b add esp, 04h 0x0000002e jnbe 00007FD448BFA11Bh 0x00000030 pushfd 0x00000031 mov cx, word ptr [esp+02h] 0x00000036 jmp 00007FD448BFA0D4h 0x00000038 lea edi, dword ptr [ecx+ebx] 0x0000003b mov edi, dword ptr [esp+04h] 0x0000003f mov edx, 6C4C3A78h 0x00000044 push dx 0x00000046 jmp 00007FD448BFA100h 0x00000048 lea esp, dword ptr [esp+02h] 0x0000004c lea esp, dword ptr [esp+08h] 0x00000050 call 00007FD448BFA121h 0x00000055 mov ax, dx 0x00000058 mov cl, B9h 0x0000005a bt dx, bx 0x0000005e xchg dword ptr [esp], ecx 0x00000061 jmp 00007FD448BFA0CEh 0x00000063 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B903 second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 sub edx, eax 0x00000004 mov ax, bx 0x00000007 add dx, dx 0x0000000a mov ah, E4h 0x0000000c jmp 00007FD448BF55A8h 0x0000000e lea ecx, dword ptr [ecx-0000ED1Ch] 0x00000014 mov dx, AE09h 0x00000018 mov eax, dword ptr [esp] 0x0000001b btc ax, si 0x0000001f call 00007FD448BF584Dh 0x00000024 xchg dword ptr [esp+04h], ecx 0x00000028 mov ch, byte ptr [esp] 0x0000002b jmp 00007FD448BF53C3h 0x00000030 sub esp, 16h 0x00000033 mov ax, word ptr [esp+07h] 0x00000038 mov ecx, dword ptr [esp+12h] 0x0000003c add esp, 07h 0x0000003f lea esp, dword ptr [esp+03h] 0x00000043 push dword ptr [esp+10h] 0x00000047 retn 0014h 0x0000004a mov ebx, ebp 0x0000004c lea eax, dword ptr [esp+ecx] 0x0000004f setle ah 0x00000052 sets dl 0x00000055 call 00007FD448BF556Fh 0x0000005a xchg cl, ch 0x0000005c pushad 0x0000005d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBBE second address: 000000006C83CBE2 instructions: 0x00000000 rdtsc 0x00000002 mov al, bh 0x00000004 xchg dword ptr [esp+20h], esi 0x00000008 jmp 00007FD448BFA10Ch 0x0000000a rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBE2 second address: 000000006C83CCAF instructions: 0x00000000 rdtsc 0x00000002 xchg ecx, edx 0x00000004 mov ax, word ptr [esp] 0x00000008 mov edx, B68AAC39h 0x0000000d lea esi, dword ptr [esi-00000052h] 0x00000013 xchg eax, edx 0x00000014 jmp 00007FD448BF55B3h 0x00000016 mov edx, ecx 0x00000018 lea eax, dword ptr [00000000h+edi*4] 0x0000001f mov dx, 208Bh 0x00000023 xchg dword ptr [esp+20h], esi 0x00000027 mov cl, ch 0x00000029 xchg dx, ax 0x0000002c jmp 00007FD448BF5563h 0x0000002e xchg dx, ax 0x00000031 mov ecx, dword ptr [esp] 0x00000034 push dword ptr [esp+20h] 0x00000038 retn 0024h 0x0000003b mov eax, 12F33EA2h 0x00000040 xor cl, 00000044h 0x00000043 jnl 00007FD448BF5670h 0x00000049 pushfd 0x0000004a mov dx, cx 0x0000004d mov dh, 56h 0x0000004f lea eax, dword ptr [ebx-03h] 0x00000052 lea ecx, dword ptr [ecx-0F5291AAh] 0x00000058 lea esp, dword ptr [esp+04h] 0x0000005c sub ebp, 1284C013h 0x00000062 call 00007FD448BF55ACh 0x00000067 mov ecx, dword ptr [esp] 0x0000006a rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CCAF second address: 000000006C83CC9D instructions: 0x00000000 rdtsc 0x00000002 neg al 0x00000004 neg al 0x00000006 push sp 0x00000008 jmp 00007FD448BFA0CFh 0x0000000a lea esp, dword ptr [esp+02h] 0x0000000e xchg dword ptr [esp], ebx 0x00000011 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CC9D second address: 000000006C83CCC5 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 93656786h 0x00000007 jmp 00007FD448BF55A5h 0x00000009 mov edx, dword ptr [esp] 0x0000000c lea ebx, dword ptr [ebx-00000034h] 0x00000012 shr eax, 0Ch 0x00000015 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CE39 second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA0AFh 0x00000004 xor ebp, 2D4823BBh 0x0000000a mov ah, byte ptr [esp] 0x0000000d clc 0x0000000e je 00007FD448BFA0D0h 0x00000010 jne 00007FD448BFA0FAh 0x00000012 mov eax, 09013DC9h 0x00000017 sub esp, 19h 0x0000001a lea esp, dword ptr [esp+01h] 0x0000001e jmp 00007FD448BFA176h 0x00000023 add ebp, dword ptr [esi] 0x00000025 lea eax, dword ptr [00000000h+edx*4] 0x0000002c xchg ch, cl 0x0000002e jmp 00007FD448BFA09Dh 0x00000030 movzx ecx, byte ptr [ebp+00h] 0x00000034 jmp 00007FD448BFA0CFh 0x00000036 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CE3D second address: 000000006C83CEB5 instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 jnbe 00007FD448BF55C6h 0x00000005 not ax 0x00000008 call 00007FD448BF5577h 0x0000000d mov ax, di 0x00000010 jmp 00007FD448BF55ABh 0x00000012 mov edx, dword ptr [esp] 0x00000015 add esp, 02h 0x00000018 jmp 00007FD448BF55EDh 0x0000001a jnle 00007FD448BF5539h 0x0000001c mov dl, dh 0x0000001e mov dh, byte ptr [esp+01h] 0x00000022 call 00007FD448BF55C9h 0x00000027 lea esp, dword ptr [esp+02h] 0x0000002b jmp 00007FD448BF5576h 0x0000002d add cl, bl 0x0000002f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83D042 second address: 000000006C83D0C7 instructions: 0x00000000 rdtsc 0x00000002 btr eax, ebp 0x00000005 jnp 00007FD448BFA139h 0x00000007 mov dx, word ptr [esp] 0x0000000b jmp 00007FD448BFA122h 0x0000000d inc ebp 0x0000000e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83DC6E second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 and cx, si 0x00000005 jnc 00007FD448BF55BEh 0x00000007 jmp 00007FD448BF557Ah 0x00000009 mov dx, word ptr [esp] 0x0000000d jmp 00007FD448BF55B8h 0x0000000f sub esp, 02h 0x00000012 jne 00007FD448BF55D1h 0x00000014 lea eax, dword ptr [esp+edi] 0x00000017 lea esp, dword ptr [esp+02h] 0x0000001b jmp 00007FD448BF55C4h 0x0000001d lea eax, dword ptr [edi+50h] 0x00000020 xchg dx, cx 0x00000023 stc 0x00000024 jc 00007FD448BF5518h 0x00000026 push di 0x00000028 lea esp, dword ptr [esp+02h] 0x0000002c jmp 00007FD448BF5606h 0x0000002e cmp esi, eax 0x00000030 jmp 00007FD448BF56CBh 0x00000035 jl 00007FD448BF545Bh 0x0000003b jnl 00007FD448BF5455h 0x00000041 ja 00007FD448BF46A1h 0x00000047 movzx ecx, byte ptr [ebp+00h] 0x0000004b jmp 00007FD448BF556Fh 0x0000004d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84DBDC second address: 000000006C84DDC5 instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 stc 0x00000004 jnc 00007FD448BFA0B2h 0x00000006 shl bp, cl 0x00000009 jmp 00007FD448BFA191h 0x0000000e push esi 0x0000000f xchg bp, ax 0x00000012 pushfd 0x00000013 jmp 00007FD448BFA0A7h 0x00000015 inc bp 0x00000017 jnc 00007FD448BFA0CAh 0x00000019 jc 00007FD448BFA0C8h 0x0000001b push edi 0x0000001c xchg dh, dl 0x0000001e xchg dl, cl 0x00000020 jmp 00007FD448BFA0D5h 0x00000022 sub esp, 00000000h 0x00000025 jbe 00007FD448BFA10Ah 0x00000027 mov ecx, dword ptr [esp] 0x0000002a lea edx, dword ptr [esi+esi] 0x0000002d add dx, bx 0x00000030 jmp 00007FD448BFA13Bh 0x00000032 pop ebp 0x00000033 sub esp, 03h 0x00000036 jbe 00007FD448BFA0D3h 0x00000038 rol esi, cl 0x0000003a add esp, 01h 0x0000003d lea esp, dword ptr [esp+02h] 0x00000041 jmp 00007FD448BFA2B9h 0x00000046 add esp, 04h 0x00000049 jno 00007FD448BFA078h 0x0000004b pop edi 0x0000004c rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848B7C second address: 000000006C848BB9 instructions: 0x00000000 rdtsc 0x00000002 lea ecx, dword ptr [00000000h+esi*4] 0x00000009 neg cx 0x0000000c jmp 00007FD448BF55BEh 0x0000000e lea eax, dword ptr [eax+ecx] 0x00000011 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848B0F second address: 000000006C848C6A instructions: 0x00000000 rdtsc 0x00000002 xchg dh, ch 0x00000004 jmp 00007FD448BF572Dh 0x00000009 not eax 0x0000000b not ax 0x0000000e mov edx, edi 0x00000010 mov ecx, dword ptr [edx] 0x00000012 jmp 00007FD448BF553Fh 0x00000014 mov eax, edx 0x00000016 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C848C6A second address: 000000006C848C3A instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 jne 00007FD448BFA0BDh 0x00000005 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C849089 second address: 000000006C84907A instructions: 0x00000000 rdtsc 0x00000002 pop eax 0x00000003 lea esi, dword ptr [esi-00000153h] 0x00000009 mov dh, BBh 0x0000000b mov dh, byte ptr [esp] 0x0000000e jmp 00007FD448BF555Fh 0x00000010 mov eax, 75B25F11h 0x00000015 lea edx, dword ptr [00000000h+eax*4] 0x0000001c xchg dword ptr [esp+10h], esi 0x00000020 push edi 0x00000021 mov byte ptr [esp], al 0x00000024 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8534FB second address: 000000006C85353D instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 call 00007FD448BFA0D3h 0x00000008 push esp 0x00000009 mov esi, dword ptr [esp+03h] 0x0000000d bswap eax 0x0000000f mov byte ptr [esp+01h], cl 0x00000013 mov word ptr [esp+01h], sp 0x00000018 jmp 00007FD448BFA119h 0x0000001a xchg dword ptr [esp+04h], ebp 0x0000001e pushad 0x0000001f inc cx 0x00000021 bsf di, bx 0x00000025 pop esi 0x00000026 clc 0x00000027 jmp 00007FD448BFA0CDh 0x00000029 lea ebp, dword ptr [ebp-0000003Ch] 0x0000002f mov cl, dl 0x00000031 bsr edi, ecx 0x00000034 cmc 0x00000035 cmc 0x00000036 jmp 00007FD448BFA13Dh 0x00000038 xchg dword ptr [esp+20h], ebp 0x0000003c inc cl 0x0000003e cmc 0x0000003f setne dh 0x00000042 lea edi, dword ptr [ecx+ebp] 0x00000045 push dword ptr [esp+20h] 0x00000049 retn 0024h 0x0000004c bswap edx 0x0000004e jmp 00007FD448BFA164h 0x00000050 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C85353D second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 lea edx, dword ptr [ecx+000000CFh] 0x00000008 mov cl, ch 0x0000000a mov al, 0Ch 0x0000000c mov esi, eax 0x0000000e sub esp, 0Bh 0x00000011 jmp 00007FD448BF55B4h 0x00000013 jle 00007FD448BF55B0h 0x00000015 mov al, ah 0x00000017 lea esp, dword ptr [esp+03h] 0x0000001b jmp 00007FD448BF55AEh 0x0000001d jmp 00007FD448BF5574h 0x0000001f add esp, 08h 0x00000022 jo 00007FD448BF55C1h 0x00000024 jno 00007FD448BF55BFh 0x00000026 pop esi 0x00000027 xchg ch, al 0x00000029 pushfd 0x0000002a jmp 00007FD448BF5576h 0x0000002c mov cl, 90h 0x0000002e bswap edx 0x00000030 jmp 00007FD448BF55A8h 0x00000032 add esp, 04h 0x00000035 jmp 00007FD448BF56AEh 0x0000003a jne 00007FD448BF5478h 0x00000040 pop ebp 0x00000041 mov di, word ptr [esp] 0x00000045 xchg ah, al 0x00000047 mov ah, 7Dh 0x00000049 jmp 00007FD448BF564Ch 0x0000004e bsr ax, bp 0x00000052 jnbe 00007FD448BF551Ch 0x00000054 pop edi 0x00000055 jmp 00007FD448BDEB4Ch 0x0000005a mov ebx, ebp 0x0000005c lea eax, dword ptr [esp+ecx] 0x0000005f setle ah 0x00000062 sets dl 0x00000065 call 00007FD448BF556Fh 0x0000006a xchg cl, ch 0x0000006c pushad 0x0000006d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84BA9C second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [esp] 0x00000005 jmp 00007FD448BEB4A9h 0x0000000a movzx ecx, byte ptr [ebp+00h] 0x0000000e jmp 00007FD448BFA0CFh 0x00000010 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C853196 second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 stc 0x00000003 jmp 00007FD448BFA218h 0x00000008 jo 00007FD448BF9FCEh 0x0000000e mov edx, 4C97B051h 0x00000013 neg edx 0x00000015 jmp 00007FD448BFA073h 0x00000017 mov eax, dword ptr [esi] 0x0000001a setnl dh 0x0000001d jmp 00007FD448BFA10Ch 0x0000001f mov dh, cl 0x00000021 call 00007FD448BFA0D4h 0x00000026 sub esi, 04h 0x00000029 mov edx, esi 0x0000002b lea edx, dword ptr [esp+esi] 0x0000002e pushfd 0x0000002f jmp 00007FD448BFA11Eh 0x00000031 btc ecx, ecx 0x00000034 jle 00007FD448BFA0D7h 0x00000036 jnle 00007FD448BFA0D5h 0x00000038 mov dword ptr [esi], eax 0x0000003a lea ecx, dword ptr [ebp+00003F07h] 0x00000040 bts cx, bx 0x00000044 jmp 00007FD448BFA179h 0x00000049 jc 00007FD448BFA078h 0x0000004b xchg dh, cl 0x0000004d mov dx, FA48h 0x00000051 jmp 00007FD448BF869Ch 0x00000056 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C851BCB second address: 000000006C851E93 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 11h 0x00000005 mov word ptr [esp+07h], ax 0x0000000a inc dx 0x0000000c jmp 00007FD448BF55ADh 0x0000000e lea esp, dword ptr [esp+01h] 0x00000012 lea edi, dword ptr [edi-0000002Bh] 0x00000018 bswap edx 0x0000001a adc edx, ecx 0x0000001c dec dh 0x0000001e setb ah 0x00000021 jmp 00007FD448BF5BDFh 0x00000026 xchg dword ptr [esp+10h], edi 0x0000002a bsr eax, ecx 0x0000002d sub eax, esi 0x0000002f push dword ptr [esp+10h] 0x00000033 retn 0014h 0x00000036 mov edx, eax 0x00000038 mov eax, ebp 0x0000003a btr eax, ebp 0x0000003d jmp 00007FD448BF59A0h 0x00000042 jl 00007FD448BF572Ah 0x00000048 mov eax, esi 0x0000004a inc cl 0x0000004c bsr dx, ax 0x00000050 jmp 00007FD448BF51E9h 0x00000055 jnp 00007FD448BF566Eh 0x0000005b mov edx, dword ptr [esp] 0x0000005e xchg eax, edx 0x0000005f jmp 00007FD448BF5471h 0x00000064 bsf edx, ebp 0x00000067 jmp 00007FD448BF5787h 0x0000006c pushad 0x0000006d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83A7C8 second address: 000000006C83A807 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA0CCh 0x00000004 sub esp, 000000A0h 0x0000000a call 00007FD448BFA145h 0x0000000f setno bl 0x00000012 mov al, byte ptr [esp] 0x00000015 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8539C4 second address: 000000006C8539F9 instructions: 0x00000000 rdtsc 0x00000002 lea esp, dword ptr [esp+02h] 0x00000006 jmp 00007FD448BF5565h 0x00000008 lea ebp, dword ptr [ebp-00000520h] 0x0000000e xchg eax, edx 0x0000000f lea eax, dword ptr [00000000h+ecx*4] 0x00000016 jmp 00007FD448BF55CCh 0x00000018 mov dx, bp 0x0000001b lea eax, dword ptr [edi+ebp] 0x0000001e not eax 0x00000020 xchg dword ptr [esp+3Ch], ebp 0x00000024 bsf dx, di 0x00000028 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83A7C8 second address: 000000006C83A807 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF556Ch 0x00000004 sub esp, 000000A0h 0x0000000a call 00007FD448BF55E5h 0x0000000f setno bl 0x00000012 mov al, byte ptr [esp] 0x00000015 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8539C4 second address: 000000006C8539F9 instructions: 0x00000000 rdtsc 0x00000002 lea esp, dword ptr [esp+02h] 0x00000006 jmp 00007FD448BFA0C5h 0x00000008 lea ebp, dword ptr [ebp-00000520h] 0x0000000e xchg eax, edx 0x0000000f lea eax, dword ptr [00000000h+ecx*4] 0x00000016 jmp 00007FD448BFA12Ch 0x00000018 mov dx, bp 0x0000001b lea eax, dword ptr [edi+ebp] 0x0000001e not eax 0x00000020 xchg dword ptr [esp+3Ch], ebp 0x00000024 bsf dx, di 0x00000028 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A396 second address: 000000006C88A359 instructions: 0x00000000 rdtsc 0x00000002 bswap ecx 0x00000004 mov dh, byte ptr [esp] 0x00000007 jmp 00007FD448BF9FC8h 0x0000000c add esi, 02h 0x0000000f btr cx, ax 0x00000013 jno 00007FD448BFA1CDh 0x00000019 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A359 second address: 000000006C88A2DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF54E1h 0x00000007 not cl 0x00000009 call 00007FD448BF55DDh 0x0000000e lea edx, dword ptr [00000000h+esi*4] 0x00000015 mov cx, E8B9h 0x00000019 rcl dx, cl 0x0000001c btc cx, ax 0x00000020 xchg al, cl 0x00000022 jmp 00007FD448BF5559h 0x00000024 xchg dword ptr [esp], edi 0x00000027 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A2DB second address: 000000006C88A2D0 instructions: 0x00000000 rdtsc 0x00000002 btc eax, ebx 0x00000005 mov eax, edx 0x00000007 xchg ch, ah 0x00000009 lea edi, dword ptr [edi-0004D459h] 0x0000000f jmp 00007FD448BFA0C8h 0x00000011 mov eax, edi 0x00000013 mov dx, EA8Dh 0x00000017 lea ecx, dword ptr [ebx+52h] 0x0000001a xchg dword ptr [esp], edi 0x0000001d bswap edx 0x0000001f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A2D0 second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF55E5h 0x00000004 push dword ptr [esp] 0x00000007 retn 0004h 0x0000000a movzx ecx, byte ptr [ebp+00h] 0x0000000e jmp 00007FD448BF556Fh 0x00000010 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84E1D1 second address: 000000006C84E3D9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 xchg word ptr [esp], ax 0x00000007 lea ecx, dword ptr [ecx+esi] 0x0000000a xchg dword ptr [esp+04h], esi 0x0000000e jmp 00007FD448BFA0F6h 0x00000010 cmc 0x00000011 neg al 0x00000013 dec cx 0x00000015 lea ecx, dword ptr [00000000h+edi*4] 0x0000001c mov eax, 63E4BEA4h 0x00000021 jmp 00007FD448BFA2D0h 0x00000026 lea esi, dword ptr [esi+2Ah] 0x00000029 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B85B second address: 000000006C84B903 instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [eax+ebx] 0x00000005 jmp 00007FD448BFA0CFh 0x00000007 cmp eax, 9DA45E12h 0x0000000c push si 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 jmp 00007FD448BFA11Eh 0x00000014 pop esi 0x00000015 mov al, dl 0x00000017 mov al, dl 0x00000019 clc 0x0000001a jnp 00007FD448BFA0D4h 0x0000001c jmp 00007FD448BFA184h 0x00000021 pop ebp 0x00000022 mov ch, 2Fh 0x00000024 mov ax, BE00h 0x00000028 or eax, ebx 0x0000002a jnle 00007FD448BFA0B1h 0x0000002c jle 00007FD448BFA099h 0x0000002e add esp, 04h 0x00000031 jnbe 00007FD448BFA11Bh 0x00000033 pushfd 0x00000034 mov cx, word ptr [esp+02h] 0x00000039 jmp 00007FD448BFA0D4h 0x0000003b lea edi, dword ptr [ecx+ebx] 0x0000003e mov edi, dword ptr [esp+04h] 0x00000042 mov edx, 6C4C3A78h 0x00000047 push dx 0x00000049 jmp 00007FD448BFA100h 0x0000004b lea esp, dword ptr [esp+02h] 0x0000004f lea esp, dword ptr [esp+08h] 0x00000053 call 00007FD448BFA121h 0x00000058 mov ax, dx 0x0000005b mov cl, B9h 0x0000005d bt dx, bx 0x00000061 xchg dword ptr [esp], ecx 0x00000064 jmp 00007FD448BFA0CEh 0x00000066 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A396 second address: 000000006C88A359 instructions: 0x00000000 rdtsc 0x00000002 bswap ecx 0x00000004 mov dh, byte ptr [esp] 0x00000007 jmp 00007FD448BF5468h 0x0000000c add esi, 02h 0x0000000f btr cx, ax 0x00000013 jno 00007FD448BF566Dh 0x00000019 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A359 second address: 000000006C88A2DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA041h 0x00000007 not cl 0x00000009 call 00007FD448BFA13Dh 0x0000000e lea edx, dword ptr [00000000h+esi*4] 0x00000015 mov cx, E8B9h 0x00000019 rcl dx, cl 0x0000001c btc cx, ax 0x00000020 xchg al, cl 0x00000022 jmp 00007FD448BFA0B9h 0x00000024 xchg dword ptr [esp], edi 0x00000027 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A2DB second address: 000000006C88A2D0 instructions: 0x00000000 rdtsc 0x00000002 btc eax, ebx 0x00000005 mov eax, edx 0x00000007 xchg ch, ah 0x00000009 lea edi, dword ptr [edi-0004D459h] 0x0000000f jmp 00007FD448BF5568h 0x00000011 mov eax, edi 0x00000013 mov dx, EA8Dh 0x00000017 lea ecx, dword ptr [ebx+52h] 0x0000001a xchg dword ptr [esp], edi 0x0000001d bswap edx 0x0000001f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88A2D0 second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA145h 0x00000004 push dword ptr [esp] 0x00000007 retn 0004h 0x0000000a movzx ecx, byte ptr [ebp+00h] 0x0000000e jmp 00007FD448BFA0CFh 0x00000010 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83EAC9 second address: 000000006C83EEF8 instructions: 0x00000000 rdtsc 0x00000002 mov dl, F2h 0x00000004 bswap ecx 0x00000006 call 00007FD448BFA0CAh 0x0000000b jmp 00007FD448BFA11Bh 0x0000000d lea ebx, dword ptr [ebx+55h] 0x00000010 lea ecx, dword ptr [00000000h+ebx*4] 0x00000017 bsr bp, cx 0x0000001b rcl ecx, 19h 0x0000001e xchg dword ptr [esp+04h], ebx 0x00000022 jmp 00007FD448BFA54Bh 0x00000027 mov al, F1h 0x00000029 rcl bx, 1 0x0000002c inc bx 0x0000002e sub esp, 1Eh 0x00000031 ror ax, 0002h 0x00000035 lea esp, dword ptr [esp+02h] 0x00000039 jmp 00007FD448BFA0B0h 0x0000003b push dword ptr [esp+20h] 0x0000003f retn 0024h 0x00000042 lea edi, dword ptr [esp+0Ch] 0x00000046 mov dl, byte ptr [esp] 0x00000049 jmp 00007FD448BFA55Ah 0x0000004e sub esp, 000000B4h 0x00000054 mov ebp, esp 0x00000056 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84B709 second address: 000000006C84B85B instructions: 0x00000000 rdtsc 0x00000002 mov ah, byte ptr [esp] 0x00000005 jmp 00007FD448BF55ADh 0x00000007 mov dh, byte ptr [esp] 0x0000000a jmp 00007FD448BF55C0h 0x0000000c mov ecx, edi 0x0000000e mov esi, dword ptr [ecx] 0x00000010 bsf ecx, ecx 0x00000013 jnp 00007FD448BF5573h 0x00000015 jmp 00007FD448BF5625h 0x0000001a mov al, 96h 0x0000001c xchg edx, ecx 0x0000001e add edi, 04h 0x00000021 jmp 00007FD448BF5549h 0x00000023 btc edx, esi 0x00000026 je 00007FD448BF5577h 0x00000028 bsr eax, edi 0x0000002b setnl dh 0x0000002e jmp 00007FD448BF55ACh 0x00000030 push ebp 0x00000031 lea ecx, dword ptr [ecx+esi] 0x00000034 call 00007FD448BF5572h 0x00000039 mov ch, byte ptr [esp] 0x0000003c push esi 0x0000003d jmp 00007FD448BF5612h 0x00000042 and ebp, esi 0x00000044 jns 00007FD448BF555Eh 0x00000046 mov cx, word ptr [esp] 0x0000004a mov cl, byte ptr [esp] 0x0000004d jmp 00007FD448BF556Fh 0x0000004f dec ax 0x00000051 push edi 0x00000052 mov dx, 9280h 0x00000056 mov dx, B8F4h 0x0000005a jmp 00007FD448BF55A8h 0x0000005c mov bp, word ptr [esp] 0x00000060 sbb ax, bp 0x00000063 jmp 00007FD448BF55D9h 0x00000065 jnc 00007FD448BF554Dh 0x00000067 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84B85B second address: 000000006C84B903 instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [eax+ebx] 0x00000005 jmp 00007FD448BFA0CFh 0x00000007 cmp eax, 9DA45E12h 0x0000000c push si 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 jmp 00007FD448BFA11Eh 0x00000014 pop esi 0x00000015 mov al, dl 0x00000017 mov al, dl 0x00000019 clc 0x0000001a jnp 00007FD448BFA0D4h 0x0000001c jmp 00007FD448BFA184h 0x00000021 pop ebp 0x00000022 mov ch, 2Fh 0x00000024 mov ax, BE00h 0x00000028 or eax, ebx 0x0000002a jnle 00007FD448BFA0B1h 0x0000002c jle 00007FD448BFA099h 0x0000002e add esp, 04h 0x00000031 jnbe 00007FD448BFA11Bh 0x00000033 pushfd 0x00000034 mov cx, word ptr [esp+02h] 0x00000039 jmp 00007FD448BFA0D4h 0x0000003b lea edi, dword ptr [ecx+ebx] 0x0000003e mov edi, dword ptr [esp+04h] 0x00000042 mov edx, 6C4C3A78h 0x00000047 push dx 0x00000049 jmp 00007FD448BFA100h 0x0000004b lea esp, dword ptr [esp+02h] 0x0000004f lea esp, dword ptr [esp+08h] 0x00000053 call 00007FD448BFA121h 0x00000058 mov ax, dx 0x0000005b mov cl, B9h 0x0000005d bt dx, bx 0x00000061 xchg dword ptr [esp], ecx 0x00000064 jmp 00007FD448BFA0CEh 0x00000066 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84B903 second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 sub edx, eax 0x00000004 mov ax, bx 0x00000007 add dx, dx 0x0000000a mov ah, E4h 0x0000000c jmp 00007FD448BF55A8h 0x0000000e lea ecx, dword ptr [ecx-0000ED1Ch] 0x00000014 mov dx, AE09h 0x00000018 mov eax, dword ptr [esp] 0x0000001b btc ax, si 0x0000001f call 00007FD448BF584Dh 0x00000024 xchg dword ptr [esp+04h], ecx 0x00000028 mov ch, byte ptr [esp] 0x0000002b jmp 00007FD448BF53C3h 0x00000030 sub esp, 16h 0x00000033 mov ax, word ptr [esp+07h] 0x00000038 mov ecx, dword ptr [esp+12h] 0x0000003c add esp, 07h 0x0000003f lea esp, dword ptr [esp+03h] 0x00000043 push dword ptr [esp+10h] 0x00000047 retn 0014h 0x0000004a mov ebx, ebp 0x0000004c lea eax, dword ptr [esp+ecx] 0x0000004f setle ah 0x00000052 sets dl 0x00000055 call 00007FD448BF556Fh 0x0000005a xchg cl, ch 0x0000005c pushad 0x0000005d rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBBE second address: 000000006C83CBE2 instructions: 0x00000000 rdtsc 0x00000002 mov al, bh 0x00000004 xchg dword ptr [esp+20h], esi 0x00000008 jmp 00007FD448BFA10Ch 0x0000000a rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBE2 second address: 000000006C83CCAF instructions: 0x00000000 rdtsc 0x00000002 xchg ecx, edx 0x00000004 mov ax, word ptr [esp] 0x00000008 mov edx, B68AAC39h 0x0000000d lea esi, dword ptr [esi-00000052h] 0x00000013 xchg eax, edx 0x00000014 jmp 00007FD448BF55B3h 0x00000016 mov edx, ecx 0x00000018 lea eax, dword ptr [00000000h+edi*4] 0x0000001f mov dx, 208Bh 0x00000023 xchg dword ptr [esp+20h], esi 0x00000027 mov cl, ch 0x00000029 xchg dx, ax 0x0000002c jmp 00007FD448BF5563h 0x0000002e xchg dx, ax 0x00000031 mov ecx, dword ptr [esp] 0x00000034 push dword ptr [esp+20h] 0x00000038 retn 0024h 0x0000003b mov eax, 12F33EA2h 0x00000040 xor cl, 00000044h 0x00000043 jnl 00007FD448BF5670h 0x00000049 pushfd 0x0000004a mov dx, cx 0x0000004d mov dh, 56h 0x0000004f lea eax, dword ptr [ebx-03h] 0x00000052 lea ecx, dword ptr [ecx-0F5291AAh] 0x00000058 lea esp, dword ptr [esp+04h] 0x0000005c sub ebp, 1284C013h 0x00000062 call 00007FD448BF55ACh 0x00000067 mov ecx, dword ptr [esp] 0x0000006a rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83CCAF second address: 000000006C83CC9D instructions: 0x00000000 rdtsc 0x00000002 neg al 0x00000004 neg al 0x00000006 push sp 0x00000008 jmp 00007FD448BFA0CFh 0x0000000a lea esp, dword ptr [esp+02h] 0x0000000e xchg dword ptr [esp], ebx 0x00000011 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83CC9D second address: 000000006C83CCC5 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 93656786h 0x00000007 jmp 00007FD448BF55A5h 0x00000009 mov edx, dword ptr [esp] 0x0000000c lea ebx, dword ptr [ebx-00000034h] 0x00000012 shr eax, 0Ch 0x00000015 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83CE39 second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA0AFh 0x00000004 xor ebp, 2D4823BBh 0x0000000a mov ah, byte ptr [esp] 0x0000000d clc 0x0000000e je 00007FD448BFA0D0h 0x00000010 jne 00007FD448BFA0FAh 0x00000012 mov eax, 09013DC9h 0x00000017 sub esp, 19h 0x0000001a lea esp, dword ptr [esp+01h] 0x0000001e jmp 00007FD448BFA176h 0x00000023 add ebp, dword ptr [esi] 0x00000025 lea eax, dword ptr [00000000h+edx*4] 0x0000002c xchg ch, cl 0x0000002e jmp 00007FD448BFA09Dh 0x00000030 movzx ecx, byte ptr [ebp+00h] 0x00000034 jmp 00007FD448BFA0CFh 0x00000036 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83CE3D second address: 000000006C83CEB5 instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 jnbe 00007FD448BF55C6h 0x00000005 not ax 0x00000008 call 00007FD448BF5577h 0x0000000d mov ax, di 0x00000010 jmp 00007FD448BF55ABh 0x00000012 mov edx, dword ptr [esp] 0x00000015 add esp, 02h 0x00000018 jmp 00007FD448BF55EDh 0x0000001a jnle 00007FD448BF5539h 0x0000001c mov dl, dh 0x0000001e mov dh, byte ptr [esp+01h] 0x00000022 call 00007FD448BF55C9h 0x00000027 lea esp, dword ptr [esp+02h] 0x0000002b jmp 00007FD448BF5576h 0x0000002d add cl, bl 0x0000002f rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83D042 second address: 000000006C83D0C7 instructions: 0x00000000 rdtsc 0x00000002 btr eax, ebp 0x00000005 jnp 00007FD448BFA139h 0x00000007 mov dx, word ptr [esp] 0x0000000b jmp 00007FD448BFA122h 0x0000000d inc ebp 0x0000000e rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83DC6E second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 and cx, si 0x00000005 jnc 00007FD448BF55BEh 0x00000007 jmp 00007FD448BF557Ah 0x00000009 mov dx, word ptr [esp] 0x0000000d jmp 00007FD448BF55B8h 0x0000000f sub esp, 02h 0x00000012 jne 00007FD448BF55D1h 0x00000014 lea eax, dword ptr [esp+edi] 0x00000017 lea esp, dword ptr [esp+02h] 0x0000001b jmp 00007FD448BF55C4h 0x0000001d lea eax, dword ptr [edi+50h] 0x00000020 xchg dx, cx 0x00000023 stc 0x00000024 jc 00007FD448BF5518h 0x00000026 push di 0x00000028 lea esp, dword ptr [esp+02h] 0x0000002c jmp 00007FD448BF5606h 0x0000002e cmp esi, eax 0x00000030 jmp 00007FD448BF56CBh 0x00000035 jl 00007FD448BF545Bh 0x0000003b jnl 00007FD448BF5455h 0x00000041 ja 00007FD448BF46A1h 0x00000047 movzx ecx, byte ptr [ebp+00h] 0x0000004b jmp 00007FD448BF556Fh 0x0000004d rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84DBDC second address: 000000006C84DDC5 instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 stc 0x00000004 jnc 00007FD448BFA0B2h 0x00000006 shl bp, cl 0x00000009 jmp 00007FD448BFA191h 0x0000000e push esi 0x0000000f xchg bp, ax 0x00000012 pushfd 0x00000013 jmp 00007FD448BFA0A7h 0x00000015 inc bp 0x00000017 jnc 00007FD448BFA0CAh 0x00000019 jc 00007FD448BFA0C8h 0x0000001b push edi 0x0000001c xchg dh, dl 0x0000001e xchg dl, cl 0x00000020 jmp 00007FD448BFA0D5h 0x00000022 sub esp, 00000000h 0x00000025 jbe 00007FD448BFA10Ah 0x00000027 mov ecx, dword ptr [esp] 0x0000002a lea edx, dword ptr [esi+esi] 0x0000002d add dx, bx 0x00000030 jmp 00007FD448BFA13Bh 0x00000032 pop ebp 0x00000033 sub esp, 03h 0x00000036 jbe 00007FD448BFA0D3h 0x00000038 rol esi, cl 0x0000003a add esp, 01h 0x0000003d lea esp, dword ptr [esp+02h] 0x00000041 jmp 00007FD448BFA2B9h 0x00000046 add esp, 04h 0x00000049 jno 00007FD448BFA078h 0x0000004b pop edi 0x0000004c rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C848B7C second address: 000000006C848BB9 instructions: 0x00000000 rdtsc 0x00000002 lea ecx, dword ptr [00000000h+esi*4] 0x00000009 neg cx 0x0000000c jmp 00007FD448BF55BEh 0x0000000e lea eax, dword ptr [eax+ecx] 0x00000011 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C848BB9 second address: 000000006C848B0F instructions: 0x00000000 rdtsc 0x00000002 push dword ptr [esp+04h] 0x00000006 retn 0008h 0x00000009 sub ebp, 04h 0x0000000c rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C848B0F second address: 000000006C848C6A instructions: 0x00000000 rdtsc 0x00000002 xchg dh, ch 0x00000004 jmp 00007FD448BF572Dh 0x00000009 not eax 0x0000000b not ax 0x0000000e mov edx, edi 0x00000010 mov ecx, dword ptr [edx] 0x00000012 jmp 00007FD448BF553Fh 0x00000014 mov eax, edx 0x00000016 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C848C6A second address: 000000006C848C3A instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 jne 00007FD448BFA0BDh 0x00000005 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C849089 second address: 000000006C84907A instructions: 0x00000000 rdtsc 0x00000002 pop eax 0x00000003 lea esi, dword ptr [esi-00000153h] 0x00000009 mov dh, BBh 0x0000000b mov dh, byte ptr [esp] 0x0000000e jmp 00007FD448BF555Fh 0x00000010 mov eax, 75B25F11h 0x00000015 lea edx, dword ptr [00000000h+eax*4] 0x0000001c xchg dword ptr [esp+10h], esi 0x00000020 push edi 0x00000021 mov byte ptr [esp], al 0x00000024 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C8534FB second address: 000000006C85353D instructions: 0x00000000 rdtsc 0x00000002 push ebp 0x00000003 call 00007FD448BFA0D3h 0x00000008 push esp 0x00000009 mov esi, dword ptr [esp+03h] 0x0000000d bswap eax 0x0000000f mov byte ptr [esp+01h], cl 0x00000013 mov word ptr [esp+01h], sp 0x00000018 jmp 00007FD448BFA119h 0x0000001a xchg dword ptr [esp+04h], ebp 0x0000001e pushad 0x0000001f inc cx 0x00000021 bsf di, bx 0x00000025 pop esi 0x00000026 clc 0x00000027 jmp 00007FD448BFA0CDh 0x00000029 lea ebp, dword ptr [ebp-0000003Ch] 0x0000002f mov cl, dl 0x00000031 bsr edi, ecx 0x00000034 cmc 0x00000035 cmc 0x00000036 jmp 00007FD448BFA13Dh 0x00000038 xchg dword ptr [esp+20h], ebp 0x0000003c inc cl 0x0000003e cmc 0x0000003f setne dh 0x00000042 lea edi, dword ptr [ecx+ebp] 0x00000045 push dword ptr [esp+20h] 0x00000049 retn 0024h 0x0000004c bswap edx 0x0000004e jmp 00007FD448BFA164h 0x00000050 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C85353D second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 lea edx, dword ptr [ecx+000000CFh] 0x00000008 mov cl, ch 0x0000000a mov al, 0Ch 0x0000000c mov esi, eax 0x0000000e sub esp, 0Bh 0x00000011 jmp 00007FD448BF55B4h 0x00000013 jle 00007FD448BF55B0h 0x00000015 mov al, ah 0x00000017 lea esp, dword ptr [esp+03h] 0x0000001b jmp 00007FD448BF55AEh 0x0000001d jmp 00007FD448BF5574h 0x0000001f add esp, 08h 0x00000022 jo 00007FD448BF55C1h 0x00000024 jno 00007FD448BF55BFh 0x00000026 pop esi 0x00000027 xchg ch, al 0x00000029 pushfd 0x0000002a jmp 00007FD448BF5576h 0x0000002c mov cl, 90h 0x0000002e bswap edx 0x00000030 jmp 00007FD448BF55A8h 0x00000032 add esp, 04h 0x00000035 jmp 00007FD448BF56AEh 0x0000003a jne 00007FD448BF5478h 0x00000040 pop ebp 0x00000041 mov di, word ptr [esp] 0x00000045 xchg ah, al 0x00000047 mov ah, 7Dh 0x00000049 jmp 00007FD448BF564Ch 0x0000004e bsr ax, bp 0x00000052 jnbe 00007FD448BF551Ch 0x00000054 pop edi 0x00000055 jmp 00007FD448BDEB4Ch 0x0000005a mov ebx, ebp 0x0000005c lea eax, dword ptr [esp+ecx] 0x0000005f setle ah 0x00000062 sets dl 0x00000065 call 00007FD448BF556Fh 0x0000006a xchg cl, ch 0x0000006c pushad 0x0000006d rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84BA9C second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [esp] 0x00000005 jmp 00007FD448BEB4A9h 0x0000000a movzx ecx, byte ptr [ebp+00h] 0x0000000e jmp 00007FD448BFA0CFh 0x00000010 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C851465 second address: 000000006C85146C instructions: 0x00000000 rdtsc 0x00000002 not ah 0x00000004 ror cl, 00000000h 0x00000007 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C853196 second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 stc 0x00000003 jmp 00007FD448BFA218h 0x00000008 jo 00007FD448BF9FCEh 0x0000000e mov edx, 4C97B051h 0x00000013 neg edx 0x00000015 jmp 00007FD448BFA073h 0x00000017 mov eax, dword ptr [esi] 0x0000001a setnl dh 0x0000001d jmp 00007FD448BFA10Ch 0x0000001f mov dh, cl 0x00000021 call 00007FD448BFA0D4h 0x00000026 sub esi, 04h 0x00000029 mov edx, esi 0x0000002b lea edx, dword ptr [esp+esi] 0x0000002e pushfd 0x0000002f jmp 00007FD448BFA11Eh 0x00000031 btc ecx, ecx 0x00000034 jle 00007FD448BFA0D7h 0x00000036 jnle 00007FD448BFA0D5h 0x00000038 mov dword ptr [esi], eax 0x0000003a lea ecx, dword ptr [ebp+00003F07h] 0x00000040 bts cx, bx 0x00000044 jmp 00007FD448BFA179h 0x00000049 jc 00007FD448BFA078h 0x0000004b xchg dh, cl 0x0000004d mov dx, FA48h 0x00000051 jmp 00007FD448BF869Ch 0x00000056 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C851BCB second address: 000000006C851E93 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 11h 0x00000005 mov word ptr [esp+07h], ax 0x0000000a inc dx 0x0000000c jmp 00007FD448BF55ADh 0x0000000e lea esp, dword ptr [esp+01h] 0x00000012 lea edi, dword ptr [edi-0000002Bh] 0x00000018 bswap edx 0x0000001a adc edx, ecx 0x0000001c dec dh 0x0000001e setb ah 0x00000021 jmp 00007FD448BF5BDFh 0x00000026 xchg dword ptr [esp+10h], edi 0x0000002a bsr eax, ecx 0x0000002d sub eax, esi 0x0000002f push dword ptr [esp+10h] 0x00000033 retn 0014h 0x00000036 mov edx, eax 0x00000038 mov eax, ebp 0x0000003a btr eax, ebp 0x0000003d jmp 00007FD448BF59A0h 0x00000042 jl 00007FD448BF572Ah 0x00000048 mov eax, esi 0x0000004a inc cl 0x0000004c bsr dx, ax 0x00000050 jmp 00007FD448BF51E9h 0x00000055 jnp 00007FD448BF566Eh 0x0000005b mov edx, dword ptr [esp] 0x0000005e xchg eax, edx 0x0000005f jmp 00007FD448BF5471h 0x00000064 bsf edx, ebp 0x00000067 jmp 00007FD448BF5787h 0x0000006c pushad 0x0000006d rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C85345B second address: 000000006C8534FB instructions: 0x00000000 rdtsc 0x00000002 mov ch, bh 0x00000004 stc 0x00000005 mov eax, dword ptr [esp] 0x00000008 jmp 00007FD448BFA109h 0x0000000a mov dl, E0h 0x0000000c push dword ptr [esp+18h] 0x00000010 retn 001Ch 0x00000013 mov edi, dword ptr [ebp+00h] 0x00000016 lea eax, dword ptr [edx+ebx] 0x00000019 setnle cl 0x0000001c mov eax, B0A52D3Ah 0x00000021 jmp 00007FD448BFA2D9h 0x00000026 push bx 0x00000028 lea esp, dword ptr [esp+02h] 0x0000002c add ebp, 04h 0x0000002f mov dx, word ptr [esp] 0x00000033 mov ecx, edx 0x00000035 jmp 00007FD448BFA035h 0x0000003a push esi 0x0000003b neg ah 0x0000003d jnle 00007FD448BFA097h 0x0000003f not ch 0x00000041 cmc 0x00000042 jmp 00007FD448BFA072h 0x00000044 push edi 0x00000045 neg ecx 0x00000047 jne 00007FD448BFA0D6h 0x00000049 jmp 00007FD448BFA144h 0x0000004b clc 0x0000004c rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84AD3A second address: 000000006C83CBBE instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [00000000h+ebx*4] 0x00000009 mov ecx, D5B43DB6h 0x0000000e jmp 00007FD448BE7419h 0x00000013 mov ebx, ebp 0x00000015 lea eax, dword ptr [esp+ecx] 0x00000018 setle ah 0x0000001b sets dl 0x0000001e call 00007FD448BF556Fh 0x00000023 xchg cl, ch 0x00000025 pushad 0x00000026 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C85457D second address: 000000006C85457F instructions: 0x00000000 rdtsc 0x00000002 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C84E1D1 second address: 000000006C84E3D9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 xchg word ptr [esp], ax 0x00000007 lea ecx, dword ptr [ecx+esi] 0x0000000a xchg dword ptr [esp+04h], esi 0x0000000e jmp 00007FD448BFA0F6h 0x00000010 cmc 0x00000011 neg al 0x00000013 dec cx 0x00000015 lea ecx, dword ptr [00000000h+edi*4] 0x0000001c mov eax, 63E4BEA4h 0x00000021 jmp 00007FD448BFA2D0h 0x00000026 lea esi, dword ptr [esi+2Ah] 0x00000029 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C8621EC second address: 000000006C8621EE instructions: 0x00000000 rdtsc 0x00000002 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C87288F second address: 000000006C87288F instructions: 0x00000000 rdtsc 0x00000002 mov di, word ptr [esp] 0x00000006 mov dword ptr [esp+1Ch], ebp 0x0000000a popad 0x0000000b jmp 00007FD448BFA10Eh 0x0000000d lea eax, dword ptr [eax+74h] 0x00000010 mov ecx, dword ptr [eax] 0x00000012 pop eax 0x00000013 jmp 00007FD448BFA112h 0x00000015 dec dword ptr [ebp+74h] 0x00000018 sub esp, 16h 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f jmp 00007FD448BFA124h 0x00000021 lea esp, dword ptr [esp+14h] 0x00000025 test ecx, ecx 0x00000027 jne 00007FD448BFA04Eh 0x0000002d mov byte ptr [eax], 00000000h 0x00000030 jmp 00007FD448BFA0F6h 0x00000032 inc eax 0x00000033 jmp 00007FD448BFA0C0h 0x00000035 push eax 0x00000036 jmp 00007FD448BFA121h 0x00000038 pushad 0x00000039 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899DB9 second address: 000000006C899ED1 instructions: 0x00000000 rdtsc 0x00000002 setnle cl 0x00000005 setb cl 0x00000008 jmp 00007FD448BF55E1h 0x0000000a sub edi, 08h 0x0000000d xchg ch, cl 0x0000000f bsr ecx, ebx 0x00000012 je 00007FD448BF5572h 0x00000014 jne 00007FD448BF5D83h 0x0000001a neg ch 0x0000001c jmp 00007FD448BF546Fh 0x00000021 pushad 0x00000022 xchg eax, esi 0x00000023 sub esp, 0Fh 0x00000026 jbe 00007FD448BF5511h 0x0000002c xchg word ptr [esp+06h], ax 0x00000031 mov dx, 2507h 0x00000035 lea esp, dword ptr [esp+03h] 0x00000039 mov dword ptr [esp+24h], edi 0x0000003d lea esp, dword ptr [esp+0Ch] 0x00000041 jmp 00007FD448BF4F9Fh 0x00000046 popad 0x00000047 mov dword ptr [ecx], edx 0x00000049 jmp 00007FD448BF54C5h 0x0000004e rcr ch, cl 0x00000050 jbe 00007FD448BF5578h 0x00000052 setno ch 0x00000055 jmp 00007FD448BF55EAh 0x00000057 mov edx, edi 0x00000059 add edx, 04h 0x0000005c jnl 00007FD448BF5563h 0x0000005e jmp 00007FD448BF557Ah 0x00000060 mov dword ptr [edx], eax 0x00000062 bsf eax, ebp 0x00000065 call 00007FD448BF55A3h 0x0000006a pop word ptr [esp] 0x0000006e lea esp, dword ptr [esp+02h] 0x00000072 call 00007FD448BF5596h 0x00000077 jmp 00007FD448BF55CCh 0x00000079 shl eax, 03h 0x0000007c lea edx, dword ptr [00000000h+ebp*4] 0x00000083 inc cx 0x00000085 lea ecx, dword ptr [eax+edi] 0x00000088 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899ED1 second address: 000000006C899EEE instructions: 0x00000000 rdtsc 0x00000002 xchg dword ptr [esp], ebx 0x00000005 jmp 00007FD448BFA0A2h 0x00000007 not ah 0x00000009 mov eax, DB0AC25Ah 0x0000000e mov edx, F128A53Ch 0x00000013 pushfd 0x00000014 jmp 00007FD448BFA107h 0x00000016 lea ebx, dword ptr [ebx-00044E40h] 0x0000001c mov dx, word ptr [esp] 0x00000020 mov dh, cl 0x00000022 neg dx 0x00000025 jmp 00007FD448BFA123h 0x00000027 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899EEE second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 btc eax, esp 0x00000005 xchg dword ptr [esp+04h], ebx 0x00000009 mov cx, 5D6Fh 0x0000000d xchg cx, ax 0x00000010 sub esp, 1Eh 0x00000013 jmp 00007FD448BF5567h 0x00000015 mov dl, bl 0x00000017 not cx 0x0000001a lea esp, dword ptr [esp+02h] 0x0000001e push dword ptr [esp+20h] 0x00000022 retn 0024h 0x00000025 jmp 00007FD448BF55D8h 0x00000027 stc 0x00000028 jnle 00007FD448BF5549h 0x0000002a bsf cx, di 0x0000002e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C882D5E second address: 000000006C882CA4 instructions: 0x00000000 rdtsc 0x00000002 mov ax, sp 0x00000005 jmp 00007FD448BFA02Eh 0x0000000a lea eax, dword ptr [edi+edi] 0x0000000d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C882CA4 second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BC4133h 0x00000007 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88B6DE second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 mov word ptr [edi], cx 0x00000005 bswap eax 0x00000007 setb al 0x0000000a inc cx 0x0000000c jmp 00007FD448BFA121h 0x0000000e jne 00007FD448BFA0C5h 0x00000010 jmp 00007FD448BC3A45h 0x00000015 jmp 00007FD448BFA138h 0x00000017 stc 0x00000018 jnle 00007FD448BFA0A9h 0x0000001a bsf cx, di 0x0000001e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8534C3 second address: 000000006C85353D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF55C8h 0x00000004 push ebp 0x00000005 call 00007FD448BF5573h 0x0000000a push esp 0x0000000b mov esi, dword ptr [esp+03h] 0x0000000f bswap eax 0x00000011 mov byte ptr [esp+01h], cl 0x00000015 mov word ptr [esp+01h], sp 0x0000001a jmp 00007FD448BF55B9h 0x0000001c xchg dword ptr [esp+04h], ebp 0x00000020 pushad 0x00000021 inc cx 0x00000023 bsf di, bx 0x00000027 pop esi 0x00000028 clc 0x00000029 jmp 00007FD448BF556Dh 0x0000002b lea ebp, dword ptr [ebp-0000003Ch] 0x00000031 mov cl, dl 0x00000033 bsr edi, ecx 0x00000036 cmc 0x00000037 cmc 0x00000038 jmp 00007FD448BF55DDh 0x0000003a xchg dword ptr [esp+20h], ebp 0x0000003e inc cl 0x00000040 cmc 0x00000041 setne dh 0x00000044 lea edi, dword ptr [ecx+ebp] 0x00000047 push dword ptr [esp+20h] 0x0000004b retn 0024h 0x0000004e bswap edx 0x00000050 jmp 00007FD448BF5604h 0x00000052 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88EFCD second address: 000000006C84EEEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FD448BFA0D7h 0x00000008 sub esi, 08h 0x0000000b pushfd 0x0000000c jmp 00007FD448BFA137h 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 lea esp, dword ptr [esp+02h] 0x00000016 xchg edx, ecx 0x00000018 call 00007FD448BFA0D0h 0x0000001d add esp, 01h 0x00000020 jnle 00007FD448BFA128h 0x00000022 jmp 00007FD448BFA0DAh 0x00000024 lea esp, dword ptr [esp+03h] 0x00000028 jmp 00007FD448BFA104h 0x0000002a mov dword ptr [esi], ecx 0x0000002c mov ecx, edx 0x0000002e mov cx, word ptr [esp] 0x00000032 bsf ecx, ebx 0x00000035 jmp 00007FD448BFA13Fh 0x00000037 jnle 00007FD448BFA0A7h 0x00000039 mov cx, 166Ah 0x0000003d jmp 00007FD448BFA111h 0x0000003f mov dword ptr [esi+04h], eax 0x00000042 push dx 0x00000044 add esp, 01h 0x00000047 jmp 00007FD448BFA12Ah 0x00000049 jnle 00007FD448BFA0BCh 0x0000004b xchg byte ptr [esp], ah 0x0000004e lea esp, dword ptr [esp+01h] 0x00000052 jmp 00007FD448BB9F63h 0x00000057 mov cl, byte ptr [esp] 0x0000005a rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C884C1C second address: 000000006C884C48 instructions: 0x00000000 rdtsc 0x00000002 sub ebp, 02h 0x00000005 neg cx 0x00000008 js 00007FD448BF55ACh 0x0000000a add edx, 213E919Dh 0x00000010 mov edx, eax 0x00000012 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89FABF second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 03h 0x00000005 jl 00007FD448BFA127h 0x00000007 mov word ptr [esp], sp 0x0000000b push word ptr [esp+02h] 0x00000010 sub esp, 16h 0x00000013 lea esp, dword ptr [esp+03h] 0x00000017 jmp 00007FD448BFA2AAh 0x0000001c sub esi, 08h 0x0000001f pushad 0x00000020 cmc 0x00000021 jl 00007FD448BF9FF2h 0x00000027 jnl 00007FD448BF9FECh 0x0000002d call 00007FD448BFA0D1h 0x00000032 pop dword ptr [esp+10h] 0x00000036 jmp 00007FD448BFA0D6h 0x00000038 xchg edx, ecx 0x0000003a clc 0x0000003b jnp 00007FD448BFA109h 0x0000003d mov dword ptr [esi], ecx 0x0000003f jmp 00007FD448BFA143h 0x00000041 mov ch, 19h 0x00000043 mov cx, 60D1h 0x00000047 lea ecx, dword ptr [00000000h+ebx*4] 0x0000004e bsr ecx, edi 0x00000051 jle 00007FD448BFA0BFh 0x00000053 jnle 00007FD448BFA0BDh 0x00000055 jmp 00007FD448BFA0DAh 0x00000057 mov ecx, esi 0x00000059 jmp 00007FD448BFA106h 0x0000005b add ecx, 04h 0x0000005e jmp 00007FD448BFA13Fh 0x00000060 jne 00007FD448BFA0A7h 0x00000062 mov dword ptr [ecx], eax 0x00000064 bswap eax 0x00000066 mov ecx, esi 0x00000068 jmp 00007FD448BABD76h 0x0000006d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C87288F second address: 000000006C87288F instructions: 0x00000000 rdtsc 0x00000002 mov di, word ptr [esp] 0x00000006 mov dword ptr [esp+1Ch], ebp 0x0000000a popad 0x0000000b jmp 00007FD448BF55AEh 0x0000000d lea eax, dword ptr [eax+74h] 0x00000010 mov ecx, dword ptr [eax] 0x00000012 pop eax 0x00000013 jmp 00007FD448BF55B2h 0x00000015 dec dword ptr [ebp+74h] 0x00000018 sub esp, 16h 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f jmp 00007FD448BF55C4h 0x00000021 lea esp, dword ptr [esp+14h] 0x00000025 test ecx, ecx 0x00000027 jne 00007FD448BF54EEh 0x0000002d mov byte ptr [eax], 00000000h 0x00000030 jmp 00007FD448BF5596h 0x00000032 inc eax 0x00000033 jmp 00007FD448BF5560h 0x00000035 push eax 0x00000036 jmp 00007FD448BF55C1h 0x00000038 pushad 0x00000039 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899DB9 second address: 000000006C899ED1 instructions: 0x00000000 rdtsc 0x00000002 setnle cl 0x00000005 setb cl 0x00000008 jmp 00007FD448BFA141h 0x0000000a sub edi, 08h 0x0000000d xchg ch, cl 0x0000000f bsr ecx, ebx 0x00000012 je 00007FD448BFA0D2h 0x00000014 jne 00007FD448BFA8E3h 0x0000001a neg ch 0x0000001c jmp 00007FD448BF9FCFh 0x00000021 pushad 0x00000022 xchg eax, esi 0x00000023 sub esp, 0Fh 0x00000026 jbe 00007FD448BFA071h 0x0000002c xchg word ptr [esp+06h], ax 0x00000031 mov dx, 2507h 0x00000035 lea esp, dword ptr [esp+03h] 0x00000039 mov dword ptr [esp+24h], edi 0x0000003d lea esp, dword ptr [esp+0Ch] 0x00000041 jmp 00007FD448BF9AFFh 0x00000046 popad 0x00000047 mov dword ptr [ecx], edx 0x00000049 jmp 00007FD448BFA025h 0x0000004e rcr ch, cl 0x00000050 jbe 00007FD448BFA0D8h 0x00000052 setno ch 0x00000055 jmp 00007FD448BFA14Ah 0x00000057 mov edx, edi 0x00000059 add edx, 04h 0x0000005c jnl 00007FD448BFA0C3h 0x0000005e jmp 00007FD448BFA0DAh 0x00000060 mov dword ptr [edx], eax 0x00000062 bsf eax, ebp 0x00000065 call 00007FD448BFA103h 0x0000006a pop word ptr [esp] 0x0000006e lea esp, dword ptr [esp+02h] 0x00000072 call 00007FD448BFA0F6h 0x00000077 jmp 00007FD448BFA12Ch 0x00000079 shl eax, 03h 0x0000007c lea edx, dword ptr [00000000h+ebp*4] 0x00000083 inc cx 0x00000085 lea ecx, dword ptr [eax+edi] 0x00000088 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899ED1 second address: 000000006C899EEE instructions: 0x00000000 rdtsc 0x00000002 xchg dword ptr [esp], ebx 0x00000005 jmp 00007FD448BF5542h 0x00000007 not ah 0x00000009 mov eax, DB0AC25Ah 0x0000000e mov edx, F128A53Ch 0x00000013 pushfd 0x00000014 jmp 00007FD448BF55A7h 0x00000016 lea ebx, dword ptr [ebx-00044E40h] 0x0000001c mov dx, word ptr [esp] 0x00000020 mov dh, cl 0x00000022 neg dx 0x00000025 jmp 00007FD448BF55C3h 0x00000027 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899EEE second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 btc eax, esp 0x00000005 xchg dword ptr [esp+04h], ebx 0x00000009 mov cx, 5D6Fh 0x0000000d xchg cx, ax 0x00000010 sub esp, 1Eh 0x00000013 jmp 00007FD448BFA0C7h 0x00000015 mov dl, bl 0x00000017 not cx 0x0000001a lea esp, dword ptr [esp+02h] 0x0000001e push dword ptr [esp+20h] 0x00000022 retn 0024h 0x00000025 jmp 00007FD448BFA138h 0x00000027 stc 0x00000028 jnle 00007FD448BFA0A9h 0x0000002a bsf cx, di 0x0000002e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C862145 second address: 000000006C862238 instructions: 0x00000000 rdtsc 0x00000002 mov eax, ebx 0x00000004 jmp 00007FD448BF55C5h 0x00000006 xchg dword ptr [esp], ecx 0x00000009 mov al, 6Ah 0x0000000b ror ax, cl 0x0000000e setb dh 0x00000011 bsf eax, eax 0x00000014 lea edx, dword ptr [ecx-1DD4EFFBh] 0x0000001a jmp 00007FD448BF5566h 0x0000001c lea ecx, dword ptr [ecx-00000024h] 0x00000022 not edx 0x00000024 push edi 0x00000025 mov dx, word ptr [esp+03h] 0x0000002a jmp 00007FD448BF55E2h 0x0000002c xchg dword ptr [esp+04h], ecx 0x00000030 bswap edx 0x00000032 lea eax, dword ptr [00000000h+ecx*4] 0x00000039 mov ah, EDh 0x0000003b push dword ptr [esp+04h] 0x0000003f retn 0008h 0x00000042 stc 0x00000043 jbe 00007FD448BF561Ch 0x00000049 call 00007FD448BF57B3h 0x0000004e xchg edx, eax 0x00000050 mov eax, edi 0x00000052 mov dx, bp 0x00000055 push edi 0x00000056 xchg dword ptr [esp+04h], ecx 0x0000005a jmp 00007FD448BF53FDh 0x0000005f mov ah, 99h 0x00000061 sub esp, 01h 0x00000064 neg dx 0x00000067 mov byte ptr [esp], dh 0x0000006a cmc 0x0000006b lea esp, dword ptr [esp+01h] 0x0000006f jmp 00007FD448BF5562h 0x00000071 lea ecx, dword ptr [ecx+34h] 0x00000074 call 00007FD448BF5577h 0x00000079 mov word ptr [esp], ax 0x0000007d lea edx, dword ptr [edi+2Dh] 0x00000080 lea eax, dword ptr [00000000h+edx*4] 0x00000087 jmp 00007FD448BF55A0h 0x00000089 xchg dword ptr [esp+08h], ecx 0x0000008d mov al, bl 0x0000008f sub esp, 0Ah 0x00000092 mov dword ptr [esp+04h], esi 0x00000096 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C83A7C8 second address: 000000006C83A807 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA0CCh 0x00000004 sub esp, 000000A0h 0x0000000a call 00007FD448BFA145h 0x0000000f setno bl 0x00000012 mov al, byte ptr [esp] 0x00000015 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C8539C4 second address: 000000006C8539F9 instructions: 0x00000000 rdtsc 0x00000002 lea esp, dword ptr [esp+02h] 0x00000006 jmp 00007FD448BF5565h 0x00000008 lea ebp, dword ptr [ebp-00000520h] 0x0000000e xchg eax, edx 0x0000000f lea eax, dword ptr [00000000h+ecx*4] 0x00000016 jmp 00007FD448BF55CCh 0x00000018 mov dx, bp 0x0000001b lea eax, dword ptr [edi+ebp] 0x0000001e not eax 0x00000020 xchg dword ptr [esp+3Ch], ebp 0x00000024 bsf dx, di 0x00000028 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88A396 second address: 000000006C88A359 instructions: 0x00000000 rdtsc 0x00000002 bswap ecx 0x00000004 mov dh, byte ptr [esp] 0x00000007 jmp 00007FD448BF9FC8h 0x0000000c add esi, 02h 0x0000000f btr cx, ax 0x00000013 jno 00007FD448BFA1CDh 0x00000019 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88A359 second address: 000000006C88A2DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF54E1h 0x00000007 not cl 0x00000009 call 00007FD448BF55DDh 0x0000000e lea edx, dword ptr [00000000h+esi*4] 0x00000015 mov cx, E8B9h 0x00000019 rcl dx, cl 0x0000001c btc cx, ax 0x00000020 xchg al, cl 0x00000022 jmp 00007FD448BF5559h 0x00000024 xchg dword ptr [esp], edi 0x00000027 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88A2DB second address: 000000006C88A2D0 instructions: 0x00000000 rdtsc 0x00000002 btc eax, ebx 0x00000005 mov eax, edx 0x00000007 xchg ch, ah 0x00000009 lea edi, dword ptr [edi-0004D459h] 0x0000000f jmp 00007FD448BFA0C8h 0x00000011 mov eax, edi 0x00000013 mov dx, EA8Dh 0x00000017 lea ecx, dword ptr [ebx+52h] 0x0000001a xchg dword ptr [esp], edi 0x0000001d bswap edx 0x0000001f rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88A2D0 second address: 000000006C83CE3D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF55E5h 0x00000004 push dword ptr [esp] 0x00000007 retn 0004h 0x0000000a movzx ecx, byte ptr [ebp+00h] 0x0000000e jmp 00007FD448BF556Fh 0x00000010 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C889B34 second address: 000000006C889BA7 instructions: 0x00000000 rdtsc 0x00000002 ror eax, 0Bh 0x00000005 je 00007FD448BFA0B0h 0x00000007 bswap eax 0x00000009 mov ah, byte ptr [esp] 0x0000000c mov dx, bp 0x0000000f call 00007FD448BFA0F6h 0x00000014 mov edx, ebp 0x00000016 mov dh, ch 0x00000018 lea eax, dword ptr [ebp+ebp+00h] 0x0000001c sub esp, 19h 0x0000001f lea esp, dword ptr [esp+01h] 0x00000023 jmp 00007FD448BFA135h 0x00000025 xchg dword ptr [esp+18h], esi 0x00000029 xchg edx, eax 0x0000002b mov dx, C92Fh 0x0000002f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89CF3F second address: 000000006C89CEDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF6139h 0x00000007 mov dx, word ptr [esp] 0x0000000b push dword ptr [esp+04h] 0x0000000f retn 0008h 0x00000012 lea esp, dword ptr [esp+02h] 0x00000016 mov ecx, dword ptr [ebp+00h] 0x00000019 mov dx, 4C2Eh 0x0000001d jmp 00007FD448BF5597h 0x0000001f mov dh, byte ptr [esp] 0x00000022 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89FABF second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 03h 0x00000005 jl 00007FD448BFA127h 0x00000007 mov word ptr [esp], sp 0x0000000b push word ptr [esp+02h] 0x00000010 sub esp, 16h 0x00000013 lea esp, dword ptr [esp+03h] 0x00000017 jmp 00007FD448BFA2AAh 0x0000001c sub esi, 08h 0x0000001f pushad 0x00000020 cmc 0x00000021 jl 00007FD448BF9FF2h 0x00000027 jnl 00007FD448BF9FECh 0x0000002d call 00007FD448BFA0D1h 0x00000032 pop dword ptr [esp+10h] 0x00000036 jmp 00007FD448BFA0D6h 0x00000038 xchg edx, ecx 0x0000003a clc 0x0000003b jnp 00007FD448BFA109h 0x0000003d jp 00007FD448BFA107h 0x0000003f mov dword ptr [esi], ecx 0x00000041 jmp 00007FD448BFA143h 0x00000043 mov ch, 19h 0x00000045 mov cx, 60D1h 0x00000049 lea ecx, dword ptr [00000000h+ebx*4] 0x00000050 bsr ecx, edi 0x00000053 jle 00007FD448BFA0BFh 0x00000055 jnle 00007FD448BFA0BDh 0x00000057 jmp 00007FD448BFA0DAh 0x00000059 mov ecx, esi 0x0000005b jmp 00007FD448BFA106h 0x0000005d add ecx, 04h 0x00000060 jmp 00007FD448BFA13Fh 0x00000062 jne 00007FD448BFA0A7h 0x00000064 mov dword ptr [ecx], eax 0x00000066 bswap eax 0x00000068 mov ecx, esi 0x0000006a jmp 00007FD448BABD76h 0x0000006f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899DB9 second address: 000000006C899ED1 instructions: 0x00000000 rdtsc 0x00000002 setnle cl 0x00000005 setb cl 0x00000008 jmp 00007FD448BF55E1h 0x0000000a sub edi, 08h 0x0000000d xchg ch, cl 0x0000000f bsr ecx, ebx 0x00000012 je 00007FD448BF5572h 0x00000014 jne 00007FD448BF5D83h 0x0000001a neg ch 0x0000001c jmp 00007FD448BF546Fh 0x00000021 pushad 0x00000022 xchg eax, esi 0x00000023 sub esp, 0Fh 0x00000026 jbe 00007FD448BF5511h 0x0000002c xchg word ptr [esp+06h], ax 0x00000031 mov dx, 2507h 0x00000035 lea esp, dword ptr [esp+03h] 0x00000039 mov dword ptr [esp+24h], edi 0x0000003d lea esp, dword ptr [esp+0Ch] 0x00000041 jmp 00007FD448BF4F9Fh 0x00000046 popad 0x00000047 mov dword ptr [ecx], edx 0x00000049 jmp 00007FD448BF54C5h 0x0000004e rcr ch, cl 0x00000050 jbe 00007FD448BF5578h 0x00000052 setno ch 0x00000055 jmp 00007FD448BF55D0h 0x00000057 mov edx, edi 0x00000059 add edx, 04h 0x0000005c jnl 00007FD448BF5563h 0x0000005e jmp 00007FD448BF557Ah 0x00000060 mov dword ptr [edx], eax 0x00000062 bsf eax, ebp 0x00000065 call 00007FD448BF55A3h 0x0000006a pop word ptr [esp] 0x0000006e lea esp, dword ptr [esp+02h] 0x00000072 call 00007FD448BF5596h 0x00000077 jmp 00007FD448BF55CCh 0x00000079 shl eax, 03h 0x0000007c lea edx, dword ptr [00000000h+ebp*4] 0x00000083 inc cx 0x00000085 lea ecx, dword ptr [eax+edi] 0x00000088 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89AF6D second address: 000000006C89AF32 instructions: 0x00000000 rdtsc 0x00000002 neg eax 0x00000004 jmp 00007FD448BFA08Fh 0x00000006 jc 00007FD448BFA10Fh 0x00000008 mov eax, dword ptr [esp] 0x0000000b rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C889B34 second address: 000000006C889BA7 instructions: 0x00000000 rdtsc 0x00000002 ror eax, 0Bh 0x00000005 je 00007FD448BF5550h 0x00000007 bswap eax 0x00000009 mov ah, byte ptr [esp] 0x0000000c mov dx, bp 0x0000000f call 00007FD448BF5596h 0x00000014 mov edx, ebp 0x00000016 mov dh, ch 0x00000018 lea eax, dword ptr [ebp+ebp+00h] 0x0000001c sub esp, 19h 0x0000001f lea esp, dword ptr [esp+01h] 0x00000023 jmp 00007FD448BF55D5h 0x00000025 xchg dword ptr [esp+18h], esi 0x00000029 xchg edx, eax 0x0000002b mov dx, C92Fh 0x0000002f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89CF3F second address: 000000006C89CEDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFAC99h 0x00000007 mov dx, word ptr [esp] 0x0000000b push dword ptr [esp+04h] 0x0000000f retn 0008h 0x00000012 lea esp, dword ptr [esp+02h] 0x00000016 mov ecx, dword ptr [ebp+00h] 0x00000019 mov dx, 4C2Eh 0x0000001d jmp 00007FD448BFA0F7h 0x0000001f mov dh, byte ptr [esp] 0x00000022 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89AF6D second address: 000000006C89AF32 instructions: 0x00000000 rdtsc 0x00000002 neg eax 0x00000004 jmp 00007FD448BF552Fh 0x00000006 jc 00007FD448BF55AFh 0x00000008 mov eax, dword ptr [esp] 0x0000000b rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C87288F second address: 000000006C87288F instructions: 0x00000000 rdtsc 0x00000002 mov di, word ptr [esp] 0x00000006 mov dword ptr [esp+1Ch], ebp 0x0000000a popad 0x0000000b jmp 00007FD448BFA10Eh 0x0000000d lea eax, dword ptr [eax+74h] 0x00000010 mov ecx, dword ptr [eax] 0x00000012 pop eax 0x00000013 jmp 00007FD448BFA112h 0x00000015 dec dword ptr [ebp+74h] 0x00000018 sub esp, 16h 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f jmp 00007FD448BFA124h 0x00000021 lea esp, dword ptr [esp+14h] 0x00000025 test ecx, ecx 0x00000027 jne 00007FD448BFA04Eh 0x0000002d mov byte ptr [eax], 00000000h 0x00000030 jmp 00007FD448BFA0F6h 0x00000032 inc eax 0x00000033 jmp 00007FD448BFA0C0h 0x00000035 push eax 0x00000036 jmp 00007FD448BFA121h 0x00000038 pushad 0x00000039 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C899DB9 second address: 000000006C899ED1 instructions: 0x00000000 rdtsc 0x00000002 setnle cl 0x00000005 setb cl 0x00000008 jmp 00007FD448BF55E1h 0x0000000a sub edi, 08h 0x0000000d xchg ch, cl 0x0000000f bsr ecx, ebx 0x00000012 je 00007FD448BF5572h 0x00000014 jne 00007FD448BF5D83h 0x0000001a neg ch 0x0000001c jmp 00007FD448BF546Fh 0x00000021 pushad 0x00000022 xchg eax, esi 0x00000023 sub esp, 0Fh 0x00000026 jbe 00007FD448BF5511h 0x0000002c xchg word ptr [esp+06h], ax 0x00000031 mov dx, 2507h 0x00000035 lea esp, dword ptr [esp+03h] 0x00000039 mov dword ptr [esp+24h], edi 0x0000003d lea esp, dword ptr [esp+0Ch] 0x00000041 jmp 00007FD448BF4F9Fh 0x00000046 popad 0x00000047 mov dword ptr [ecx], edx 0x00000049 jmp 00007FD448BF54C5h 0x0000004e rcr ch, cl 0x00000050 jbe 00007FD448BF5578h 0x00000052 setno ch 0x00000055 jmp 00007FD448BF55D0h 0x00000057 mov edx, edi 0x00000059 add edx, 04h 0x0000005c jnl 00007FD448BF5563h 0x0000005e jmp 00007FD448BF557Ah 0x00000060 mov dword ptr [edx], eax 0x00000062 bsf eax, ebp 0x00000065 call 00007FD448BF55A3h 0x0000006a pop word ptr [esp] 0x0000006e lea esp, dword ptr [esp+02h] 0x00000072 call 00007FD448BF5596h 0x00000077 jmp 00007FD448BF55CCh 0x00000079 shl eax, 03h 0x0000007c lea edx, dword ptr [00000000h+ebp*4] 0x00000083 inc cx 0x00000085 lea ecx, dword ptr [eax+edi] 0x00000088 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C899ED1 second address: 000000006C899EEE instructions: 0x00000000 rdtsc 0x00000002 xchg dword ptr [esp], ebx 0x00000005 jmp 00007FD448BFA0A2h 0x00000007 not ah 0x00000009 mov eax, DB0AC25Ah 0x0000000e mov edx, F128A53Ch 0x00000013 pushfd 0x00000014 jmp 00007FD448BFA107h 0x00000016 lea ebx, dword ptr [ebx-00044E40h] 0x0000001c mov dx, word ptr [esp] 0x00000020 mov dh, cl 0x00000022 neg dx 0x00000025 jmp 00007FD448BFA123h 0x00000027 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C899EEE second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 btc eax, esp 0x00000005 xchg dword ptr [esp+04h], ebx 0x00000009 mov cx, 5D6Fh 0x0000000d xchg cx, ax 0x00000010 sub esp, 1Eh 0x00000013 jmp 00007FD448BF5567h 0x00000015 mov dl, bl 0x00000017 not cx 0x0000001a lea esp, dword ptr [esp+02h] 0x0000001e push dword ptr [esp+20h] 0x00000022 retn 0024h 0x00000025 jmp 00007FD448BF55D8h 0x00000027 stc 0x00000028 jnle 00007FD448BF5549h 0x0000002a bsf cx, di 0x0000002e rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C882D5E second address: 000000006C882CA4 instructions: 0x00000000 rdtsc 0x00000002 mov ax, sp 0x00000005 jmp 00007FD448BFA02Eh 0x0000000a lea eax, dword ptr [edi+edi] 0x0000000d rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C882CA4 second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BC4133h 0x00000007 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88B6DE second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 mov word ptr [edi], cx 0x00000005 bswap eax 0x00000007 setb al 0x0000000a inc cx 0x0000000c jmp 00007FD448BFA121h 0x0000000e jne 00007FD448BFA0C5h 0x00000010 jmp 00007FD448BC3A45h 0x00000015 jmp 00007FD448BFA138h 0x00000017 stc 0x00000018 jnle 00007FD448BFA0A9h 0x0000001a bsf cx, di 0x0000001e rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C8534C3 second address: 000000006C85353D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BF55C8h 0x00000004 push ebp 0x00000005 call 00007FD448BF5573h 0x0000000a push esp 0x0000000b mov esi, dword ptr [esp+03h] 0x0000000f bswap eax 0x00000011 mov byte ptr [esp+01h], cl 0x00000015 mov word ptr [esp+01h], sp 0x0000001a jmp 00007FD448BF55B9h 0x0000001c xchg dword ptr [esp+04h], ebp 0x00000020 pushad 0x00000021 inc cx 0x00000023 bsf di, bx 0x00000027 pop esi 0x00000028 clc 0x00000029 jmp 00007FD448BF556Dh 0x0000002b lea ebp, dword ptr [ebp-0000003Ch] 0x00000031 mov cl, dl 0x00000033 bsr edi, ecx 0x00000036 cmc 0x00000037 cmc 0x00000038 jmp 00007FD448BF55DDh 0x0000003a xchg dword ptr [esp+20h], ebp 0x0000003e inc cl 0x00000040 cmc 0x00000041 setne dh 0x00000044 lea edi, dword ptr [ecx+ebp] 0x00000047 push dword ptr [esp+20h] 0x0000004b retn 0024h 0x0000004e bswap edx 0x00000050 jmp 00007FD448BF5604h 0x00000052 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88EFCD second address: 000000006C84EEEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FD448BFA0D7h 0x00000008 sub esi, 08h 0x0000000b pushfd 0x0000000c jmp 00007FD448BFA137h 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 lea esp, dword ptr [esp+02h] 0x00000016 xchg edx, ecx 0x00000018 call 00007FD448BFA0D0h 0x0000001d add esp, 01h 0x00000020 jnle 00007FD448BFA128h 0x00000022 jmp 00007FD448BFA0DAh 0x00000024 lea esp, dword ptr [esp+03h] 0x00000028 jmp 00007FD448BFA104h 0x0000002a mov dword ptr [esi], ecx 0x0000002c mov ecx, edx 0x0000002e mov cx, word ptr [esp] 0x00000032 bsf ecx, ebx 0x00000035 jmp 00007FD448BFA13Fh 0x00000037 jnle 00007FD448BFA0A7h 0x00000039 mov cx, 166Ah 0x0000003d jmp 00007FD448BFA111h 0x0000003f mov dword ptr [esi+04h], eax 0x00000042 push dx 0x00000044 add esp, 01h 0x00000047 jmp 00007FD448BFA12Ah 0x00000049 jnle 00007FD448BFA0BCh 0x0000004b xchg byte ptr [esp], ah 0x0000004e lea esp, dword ptr [esp+01h] 0x00000052 jmp 00007FD448BB9F63h 0x00000057 mov cl, byte ptr [esp] 0x0000005a rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C884C1C second address: 000000006C884C48 instructions: 0x00000000 rdtsc 0x00000002 sub ebp, 02h 0x00000005 neg cx 0x00000008 js 00007FD448BF55ACh 0x0000000a add edx, 213E919Dh 0x00000010 mov edx, eax 0x00000012 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C89FABF second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 03h 0x00000005 jl 00007FD448BFA127h 0x00000007 mov word ptr [esp], sp 0x0000000b push word ptr [esp+02h] 0x00000010 sub esp, 16h 0x00000013 lea esp, dword ptr [esp+03h] 0x00000017 jmp 00007FD448BFA2AAh 0x0000001c sub esi, 08h 0x0000001f pushad 0x00000020 cmc 0x00000021 jl 00007FD448BF9FF2h 0x00000027 jnl 00007FD448BF9FECh 0x0000002d call 00007FD448BFA0D1h 0x00000032 pop dword ptr [esp+10h] 0x00000036 jmp 00007FD448BFA0D6h 0x00000038 xchg edx, ecx 0x0000003a clc 0x0000003b jnp 00007FD448BFA109h 0x0000003d jp 00007FD448BFA107h 0x0000003f mov dword ptr [esi], ecx 0x00000041 jmp 00007FD448BFA143h 0x00000043 mov ch, 19h 0x00000045 mov cx, 60D1h 0x00000049 lea ecx, dword ptr [00000000h+ebx*4] 0x00000050 bsr ecx, edi 0x00000053 jle 00007FD448BFA0BFh 0x00000055 jnle 00007FD448BFA0BDh 0x00000057 jmp 00007FD448BFA0DAh 0x00000059 mov ecx, esi 0x0000005b jmp 00007FD448BFA106h 0x0000005d add ecx, 04h 0x00000060 jmp 00007FD448BFA13Fh 0x00000062 jne 00007FD448BFA0A7h 0x00000064 mov dword ptr [ecx], eax 0x00000066 bswap eax 0x00000068 mov ecx, esi 0x0000006a jmp 00007FD448BABD76h 0x0000006f rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C862145 second address: 000000006C862238 instructions: 0x00000000 rdtsc 0x00000002 mov eax, ebx 0x00000004 jmp 00007FD448BF55C5h 0x00000006 xchg dword ptr [esp], ecx 0x00000009 mov al, 6Ah 0x0000000b ror ax, cl 0x0000000e setb dh 0x00000011 bsf eax, eax 0x00000014 lea edx, dword ptr [ecx-1DD4EFFBh] 0x0000001a jmp 00007FD448BF5566h 0x0000001c lea ecx, dword ptr [ecx-00000024h] 0x00000022 not edx 0x00000024 push edi 0x00000025 mov dx, word ptr [esp+03h] 0x0000002a jmp 00007FD448BF55E2h 0x0000002c xchg dword ptr [esp+04h], ecx 0x00000030 bswap edx 0x00000032 lea eax, dword ptr [00000000h+ecx*4] 0x00000039 mov ah, EDh 0x0000003b push dword ptr [esp+04h] 0x0000003f retn 0008h 0x00000042 stc 0x00000043 jbe 00007FD448BF561Ch 0x00000049 call 00007FD448BF57B3h 0x0000004e xchg edx, eax 0x00000050 mov eax, edi 0x00000052 mov dx, bp 0x00000055 push edi 0x00000056 xchg dword ptr [esp+04h], ecx 0x0000005a jmp 00007FD448BF53FDh 0x0000005f mov ah, 99h 0x00000061 sub esp, 01h 0x00000064 neg dx 0x00000067 mov byte ptr [esp], dh 0x0000006a cmc 0x0000006b lea esp, dword ptr [esp+01h] 0x0000006f jmp 00007FD448BF5562h 0x00000071 lea ecx, dword ptr [ecx+34h] 0x00000074 call 00007FD448BF5577h 0x00000079 mov word ptr [esp], ax 0x0000007d lea edx, dword ptr [edi+2Dh] 0x00000080 lea eax, dword ptr [00000000h+edx*4] 0x00000087 jmp 00007FD448BF55A0h 0x00000089 xchg dword ptr [esp+08h], ecx 0x0000008d mov al, bl 0x0000008f sub esp, 0Ah 0x00000092 mov dword ptr [esp+04h], esi 0x00000096 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C855094 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BFA0F6h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BFA0F6h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BFB1A5h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BFB27Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF9FF3h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BFA11Eh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BFA0D0h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BFA128h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BFA0CAh 0x00000057 dec ecx 0x00000058 jmp 00007FD448BAF70Dh 0x0000005d jmp 00007FD448BFA138h 0x0000005f stc 0x00000060 jnle 00007FD448BFA0A9h 0x00000062 bsf cx, di 0x00000066 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C889B34 second address: 000000006C889BA7 instructions: 0x00000000 rdtsc 0x00000002 ror eax, 0Bh 0x00000005 je 00007FD448BF5550h 0x00000007 bswap eax 0x00000009 mov ah, byte ptr [esp] 0x0000000c mov dx, bp 0x0000000f call 00007FD448BF5596h 0x00000014 mov edx, ebp 0x00000016 mov dh, ch 0x00000018 lea eax, dword ptr [ebp+ebp+00h] 0x0000001c sub esp, 19h 0x0000001f lea esp, dword ptr [esp+01h] 0x00000023 jmp 00007FD448BF55D5h 0x00000025 xchg dword ptr [esp+18h], esi 0x00000029 xchg edx, eax 0x0000002b mov dx, C92Fh 0x0000002f rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C89CF3F second address: 000000006C89CEDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFAC99h 0x00000007 mov dx, word ptr [esp] 0x0000000b push dword ptr [esp+04h] 0x0000000f retn 0008h 0x00000012 lea esp, dword ptr [esp+02h] 0x00000016 mov ecx, dword ptr [ebp+00h] 0x00000019 mov dx, 4C2Eh 0x0000001d jmp 00007FD448BFA0F7h 0x0000001f mov dh, byte ptr [esp] 0x00000022 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BF5596h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BF5596h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BF6645h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BF671Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF5493h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BF55BEh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BF5570h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BF55C8h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BF556Ah 0x00000057 dec ecx 0x00000058 jmp 00007FD448BAABADh 0x0000005d jmp 00007FD448BF55D8h 0x0000005f stc 0x00000060 jnle 00007FD448BF5549h 0x00000062 bsf cx, di 0x00000066 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88B7D0 second address: 000000006C88271D instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 js 00007FD448BFA1FFh 0x00000009 cmc 0x0000000a cmc 0x0000000b jmp 00007FD448BFA1A9h 0x00000010 sub ebp, 08h 0x00000013 pushad 0x00000014 pop word ptr [esp+05h] 0x00000019 jmp 00007FD448BFA07Ch 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f xchg edx, ecx 0x00000021 call 00007FD448BFA0D4h 0x00000026 mov word ptr [esp], si 0x0000002a pop word ptr [esp] 0x0000002e lea esp, dword ptr [esp+02h] 0x00000032 jmp 00007FD448BFA121h 0x00000034 mov dword ptr [ebp+00h], ecx 0x00000037 pushfd 0x00000038 neg cx 0x0000003b jnp 00007FD448BFA0CDh 0x0000003d mov cx, word ptr [esp+03h] 0x00000042 lea ecx, dword ptr [edx-000000F7h] 0x00000048 jmp 00007FD448BFA10Ch 0x0000004a mov dword ptr [ebp+04h], eax 0x0000004d mov ax, sp 0x00000050 mov ecx, dword ptr [esp] 0x00000053 jmp 00007FD448BF0EBAh 0x00000058 jmp 00007FD448BFA1DEh 0x0000005d xchg eax, ecx 0x0000005e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88B7D0 second address: 000000006C88271D instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 js 00007FD448BF569Fh 0x00000009 cmc 0x0000000a cmc 0x0000000b jmp 00007FD448BF5649h 0x00000010 sub ebp, 08h 0x00000013 pushad 0x00000014 pop word ptr [esp+05h] 0x00000019 jmp 00007FD448BF551Ch 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f xchg edx, ecx 0x00000021 call 00007FD448BF5574h 0x00000026 mov word ptr [esp], si 0x0000002a pop word ptr [esp] 0x0000002e lea esp, dword ptr [esp+02h] 0x00000032 jmp 00007FD448BF55C1h 0x00000034 mov dword ptr [ebp+00h], ecx 0x00000037 pushfd 0x00000038 neg cx 0x0000003b jnp 00007FD448BF556Dh 0x0000003d jp 00007FD448BF55B0h 0x0000003f mov cx, word ptr [esp+03h] 0x00000044 lea ecx, dword ptr [edx-000000F7h] 0x0000004a jmp 00007FD448BF5567h 0x0000004c mov dword ptr [ebp+04h], eax 0x0000004f mov ax, sp 0x00000052 mov ecx, dword ptr [esp] 0x00000055 jmp 00007FD448BEC35Ah 0x0000005a jmp 00007FD448BF567Eh 0x0000005f xchg eax, ecx 0x00000060 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C89AF6D second address: 000000006C89AF32 instructions: 0x00000000 rdtsc 0x00000002 neg eax 0x00000004 jmp 00007FD448BFA08Fh 0x00000006 jc 00007FD448BFA10Fh 0x00000008 mov eax, dword ptr [esp] 0x0000000b rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C855094 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BF5596h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BF5596h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BF6645h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BF671Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF5493h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BF55BEh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BF5570h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BF55C8h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BF556Ah 0x00000057 dec ecx 0x00000058 jmp 00007FD448BAABADh 0x0000005d jmp 00007FD448BF55D8h 0x0000005f stc 0x00000060 jnle 00007FD448BF5549h 0x00000062 bsf cx, di 0x00000066 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BFA0F6h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BFA0F6h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BFB1A5h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BFB27Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF9FF3h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BFA11Eh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BFA0D0h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BFA128h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BFA0CAh 0x00000057 dec ecx 0x00000058 jmp 00007FD448BAF70Dh 0x0000005d jmp 00007FD448BFA138h 0x0000005f stc 0x00000060 jnle 00007FD448BFA0A9h 0x00000062 bsf cx, di 0x00000066 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88B7D0 second address: 000000006C88271D instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 js 00007FD448BF569Fh 0x00000009 cmc 0x0000000a cmc 0x0000000b jmp 00007FD448BF5649h 0x00000010 sub ebp, 08h 0x00000013 pushad 0x00000014 pop word ptr [esp+05h] 0x00000019 jmp 00007FD448BF551Ch 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f xchg edx, ecx 0x00000021 call 00007FD448BF5574h 0x00000026 mov word ptr [esp], si 0x0000002a pop word ptr [esp] 0x0000002e lea esp, dword ptr [esp+02h] 0x00000032 jmp 00007FD448BF55C1h 0x00000034 mov dword ptr [ebp+00h], ecx 0x00000037 pushfd 0x00000038 neg cx 0x0000003b jnp 00007FD448BF556Dh 0x0000003d mov cx, word ptr [esp+03h] 0x00000042 lea ecx, dword ptr [edx-000000F7h] 0x00000048 jmp 00007FD448BF55ACh 0x0000004a mov dword ptr [ebp+04h], eax 0x0000004d mov ax, sp 0x00000050 mov ecx, dword ptr [esp] 0x00000053 jmp 00007FD448BEC35Ah 0x00000058 jmp 00007FD448BF567Eh 0x0000005d xchg eax, ecx 0x0000005e rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C855094 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BFA0F6h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BFA0F6h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BFB1A5h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BFB27Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF9FF3h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BFA11Eh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BFA0D0h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BFA128h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BFA0CAh 0x00000057 dec ecx 0x00000058 jmp 00007FD448BAF70Dh 0x0000005d jmp 00007FD448BFA138h 0x0000005f stc 0x00000060 jnle 00007FD448BFA0A9h 0x00000062 bsf cx, di 0x00000066 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | RDTSC instruction interceptor: First address: 000000006C88B7D0 second address: 000000006C88271D instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 js 00007FD448BFA1FFh 0x00000009 cmc 0x0000000a cmc 0x0000000b jmp 00007FD448BFA1A9h 0x00000010 sub ebp, 08h 0x00000013 pushad 0x00000014 pop word ptr [esp+05h] 0x00000019 jmp 00007FD448BFA07Ch 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f xchg edx, ecx 0x00000021 call 00007FD448BFA0D4h 0x00000026 mov word ptr [esp], si 0x0000002a pop word ptr [esp] 0x0000002e lea esp, dword ptr [esp+02h] 0x00000032 jmp 00007FD448BFA121h 0x00000034 mov dword ptr [ebp+00h], ecx 0x00000037 pushfd 0x00000038 neg cx 0x0000003b jnp 00007FD448BFA0CDh 0x0000003d jp 00007FD448BFA110h 0x0000003f mov cx, word ptr [esp+03h] 0x00000044 lea ecx, dword ptr [edx-000000F7h] 0x0000004a jmp 00007FD448BFA0C7h 0x0000004c mov dword ptr [ebp+04h], eax 0x0000004f mov ax, sp 0x00000052 mov ecx, dword ptr [esp] 0x00000055 jmp 00007FD448BF0EBAh 0x0000005a jmp 00007FD448BFA1DEh 0x0000005f xchg eax, ecx 0x00000060 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C84B85B second address: 000000006C84B903 instructions: 0x00000000 rdtsc 0x00000002 lea eax, dword ptr [eax+ebx] 0x00000005 jmp 00007FD448BF556Fh 0x00000007 cmp eax, 9DA45E12h 0x0000000c push si 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 jmp 00007FD448BF55BEh 0x00000014 pop esi 0x00000015 mov al, dl 0x00000017 mov al, dl 0x00000019 clc 0x0000001a jnp 00007FD448BF5574h 0x0000001c jp 00007FD448BF5606h 0x0000001e pop ebp 0x0000001f mov ch, 2Fh 0x00000021 mov ax, BE00h 0x00000025 or eax, ebx 0x00000027 jnle 00007FD448BF5551h 0x00000029 jle 00007FD448BF5539h 0x0000002b add esp, 04h 0x0000002e jnbe 00007FD448BF55BBh 0x00000030 pushfd 0x00000031 mov cx, word ptr [esp+02h] 0x00000036 jmp 00007FD448BF5574h 0x00000038 lea edi, dword ptr [ecx+ebx] 0x0000003b mov edi, dword ptr [esp+04h] 0x0000003f mov edx, 6C4C3A78h 0x00000044 push dx 0x00000046 jmp 00007FD448BF55A0h 0x00000048 lea esp, dword ptr [esp+02h] 0x0000004c lea esp, dword ptr [esp+08h] 0x00000050 call 00007FD448BF55C1h 0x00000055 mov ax, dx 0x00000058 mov cl, B9h 0x0000005a bt dx, bx 0x0000005e xchg dword ptr [esp], ecx 0x00000061 jmp 00007FD448BF556Eh 0x00000063 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C83CBE2 second address: 000000006C83CCAF instructions: 0x00000000 rdtsc 0x00000002 xchg ecx, edx 0x00000004 mov ax, word ptr [esp] 0x00000008 mov edx, B68AAC39h 0x0000000d lea esi, dword ptr [esi-00000052h] 0x00000013 xchg eax, edx 0x00000014 jmp 00007FD448BFA113h 0x00000016 mov edx, ecx 0x00000018 lea eax, dword ptr [00000000h+edi*4] 0x0000001f mov dx, 208Bh 0x00000023 xchg dword ptr [esp+20h], esi 0x00000027 mov cl, ch 0x00000029 xchg dx, ax 0x0000002c jmp 00007FD448BFA0C3h 0x0000002e xchg dx, ax 0x00000031 mov ecx, dword ptr [esp] 0x00000034 push dword ptr [esp+20h] 0x00000038 retn 0024h 0x0000003b mov eax, 12F33EA2h 0x00000040 xor cl, 00000044h 0x00000043 jnl 00007FD448BFA1D0h 0x00000049 pushfd 0x0000004a mov dx, cx 0x0000004d mov dh, 56h 0x0000004f lea eax, dword ptr [ebx-03h] 0x00000052 lea ecx, dword ptr [ecx-0F5291AAh] 0x00000058 lea esp, dword ptr [esp+04h] 0x0000005c sub ebp, 1284C013h 0x00000062 call 00007FD448BFA10Ch 0x00000067 mov ecx, dword ptr [esp] 0x0000006a rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C882D5E second address: 000000006C882CA4 instructions: 0x00000000 rdtsc 0x00000002 mov ax, sp 0x00000005 jmp 00007FD448BF54CEh 0x0000000a lea eax, dword ptr [edi+edi] 0x0000000d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C882CA4 second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BC8C93h 0x00000007 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88B6DE second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 mov word ptr [edi], cx 0x00000005 bswap eax 0x00000007 setb al 0x0000000a inc cx 0x0000000c jmp 00007FD448BF55C1h 0x0000000e jne 00007FD448BF5565h 0x00000010 jmp 00007FD448BBEEE5h 0x00000015 jmp 00007FD448BF55D8h 0x00000017 stc 0x00000018 jnle 00007FD448BF5549h 0x0000001a bsf cx, di 0x0000001e rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C8534C3 second address: 000000006C85353D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD448BFA128h 0x00000004 push ebp 0x00000005 call 00007FD448BFA0D3h 0x0000000a push esp 0x0000000b mov esi, dword ptr [esp+03h] 0x0000000f bswap eax 0x00000011 mov byte ptr [esp+01h], cl 0x00000015 mov word ptr [esp+01h], sp 0x0000001a jmp 00007FD448BFA119h 0x0000001c xchg dword ptr [esp+04h], ebp 0x00000020 pushad 0x00000021 inc cx 0x00000023 bsf di, bx 0x00000027 pop esi 0x00000028 clc 0x00000029 jmp 00007FD448BFA0CDh 0x0000002b lea ebp, dword ptr [ebp-0000003Ch] 0x00000031 mov cl, dl 0x00000033 bsr edi, ecx 0x00000036 cmc 0x00000037 cmc 0x00000038 jmp 00007FD448BFA13Dh 0x0000003a xchg dword ptr [esp+20h], ebp 0x0000003e inc cl 0x00000040 cmc 0x00000041 setne dh 0x00000044 lea edi, dword ptr [ecx+ebp] 0x00000047 push dword ptr [esp+20h] 0x0000004b retn 0024h 0x0000004e bswap edx 0x00000050 jmp 00007FD448BFA164h 0x00000052 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88EFCD second address: 000000006C84EEEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FD448BF5577h 0x00000008 sub esi, 08h 0x0000000b pushfd 0x0000000c jmp 00007FD448BF55D7h 0x0000000e lea esp, dword ptr [esp+02h] 0x00000012 lea esp, dword ptr [esp+02h] 0x00000016 xchg edx, ecx 0x00000018 call 00007FD448BF5570h 0x0000001d add esp, 01h 0x00000020 jnle 00007FD448BF55C8h 0x00000022 jmp 00007FD448BF557Ah 0x00000024 lea esp, dword ptr [esp+03h] 0x00000028 jmp 00007FD448BF55A4h 0x0000002a mov dword ptr [esi], ecx 0x0000002c mov ecx, edx 0x0000002e mov cx, word ptr [esp] 0x00000032 bsf ecx, ebx 0x00000035 jmp 00007FD448BF55DFh 0x00000037 jnle 00007FD448BF5547h 0x00000039 mov cx, 166Ah 0x0000003d jmp 00007FD448BF55B1h 0x0000003f mov dword ptr [esi+04h], eax 0x00000042 push dx 0x00000044 add esp, 01h 0x00000047 jmp 00007FD448BF55CAh 0x00000049 jnle 00007FD448BF555Ch 0x0000004b xchg byte ptr [esp], ah 0x0000004e lea esp, dword ptr [esp+01h] 0x00000052 jmp 00007FD448BB5403h 0x00000057 mov cl, byte ptr [esp] 0x0000005a rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C884C1C second address: 000000006C884C48 instructions: 0x00000000 rdtsc 0x00000002 sub ebp, 02h 0x00000005 neg cx 0x00000008 js 00007FD448BFA10Ch 0x0000000a add edx, 213E919Dh 0x00000010 mov edx, eax 0x00000012 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89FABF second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 03h 0x00000005 jl 00007FD448BF55C7h 0x00000007 mov word ptr [esp], sp 0x0000000b push word ptr [esp+02h] 0x00000010 sub esp, 16h 0x00000013 lea esp, dword ptr [esp+03h] 0x00000017 jmp 00007FD448BF574Ah 0x0000001c sub esi, 08h 0x0000001f pushad 0x00000020 cmc 0x00000021 jl 00007FD448BF5492h 0x00000027 jnl 00007FD448BF548Ch 0x0000002d call 00007FD448BF5571h 0x00000032 pop dword ptr [esp+10h] 0x00000036 jmp 00007FD448BF5576h 0x00000038 xchg edx, ecx 0x0000003a clc 0x0000003b jnp 00007FD448BF55A9h 0x0000003d jp 00007FD448BF55A7h 0x0000003f mov dword ptr [esi], ecx 0x00000041 jmp 00007FD448BF55E3h 0x00000043 mov ch, 19h 0x00000045 mov cx, 60D1h 0x00000049 lea ecx, dword ptr [00000000h+ebx*4] 0x00000050 bsr ecx, edi 0x00000053 jle 00007FD448BF555Fh 0x00000055 jnle 00007FD448BF555Dh 0x00000057 jmp 00007FD448BF557Ah 0x00000059 mov ecx, esi 0x0000005b jmp 00007FD448BF55A6h 0x0000005d add ecx, 04h 0x00000060 jmp 00007FD448BF55DFh 0x00000062 jne 00007FD448BF5547h 0x00000064 mov dword ptr [ecx], eax 0x00000066 bswap eax 0x00000068 mov ecx, esi 0x0000006a jmp 00007FD448BA7216h 0x0000006f rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C862145 second address: 000000006C862238 instructions: 0x00000000 rdtsc 0x00000002 mov eax, ebx 0x00000004 jmp 00007FD448BFA125h 0x00000006 xchg dword ptr [esp], ecx 0x00000009 mov al, 6Ah 0x0000000b ror ax, cl 0x0000000e setb dh 0x00000011 bsf eax, eax 0x00000014 lea edx, dword ptr [ecx-1DD4EFFBh] 0x0000001a jmp 00007FD448BFA0C6h 0x0000001c lea ecx, dword ptr [ecx-00000024h] 0x00000022 not edx 0x00000024 push edi 0x00000025 mov dx, word ptr [esp+03h] 0x0000002a jmp 00007FD448BFA142h 0x0000002c xchg dword ptr [esp+04h], ecx 0x00000030 bswap edx 0x00000032 lea eax, dword ptr [00000000h+ecx*4] 0x00000039 mov ah, EDh 0x0000003b push dword ptr [esp+04h] 0x0000003f retn 0008h 0x00000042 stc 0x00000043 jbe 00007FD448BFA17Ch 0x00000049 call 00007FD448BFA313h 0x0000004e xchg edx, eax 0x00000050 mov eax, edi 0x00000052 mov dx, bp 0x00000055 push edi 0x00000056 xchg dword ptr [esp+04h], ecx 0x0000005a jmp 00007FD448BF9F5Dh 0x0000005f mov ah, 99h 0x00000061 sub esp, 01h 0x00000064 neg dx 0x00000067 mov byte ptr [esp], dh 0x0000006a cmc 0x0000006b lea esp, dword ptr [esp+01h] 0x0000006f jmp 00007FD448BFA0C2h 0x00000071 lea ecx, dword ptr [ecx+34h] 0x00000074 call 00007FD448BFA0D7h 0x00000079 mov word ptr [esp], ax 0x0000007d lea edx, dword ptr [edi+2Dh] 0x00000080 lea eax, dword ptr [00000000h+edx*4] 0x00000087 jmp 00007FD448BFA100h 0x00000089 xchg dword ptr [esp+08h], ecx 0x0000008d mov al, bl 0x0000008f sub esp, 0Ah 0x00000092 mov dword ptr [esp+04h], esi 0x00000096 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C899DB9 second address: 000000006C899ED1 instructions: 0x00000000 rdtsc 0x00000002 setnle cl 0x00000005 setb cl 0x00000008 jmp 00007FD448BFA141h 0x0000000a sub edi, 08h 0x0000000d xchg ch, cl 0x0000000f bsr ecx, ebx 0x00000012 je 00007FD448BFA0D2h 0x00000014 jne 00007FD448BFA8E3h 0x0000001a neg ch 0x0000001c jmp 00007FD448BF9FCFh 0x00000021 pushad 0x00000022 xchg eax, esi 0x00000023 sub esp, 0Fh 0x00000026 jbe 00007FD448BFA071h 0x0000002c xchg word ptr [esp+06h], ax 0x00000031 mov dx, 2507h 0x00000035 lea esp, dword ptr [esp+03h] 0x00000039 mov dword ptr [esp+24h], edi 0x0000003d lea esp, dword ptr [esp+0Ch] 0x00000041 jmp 00007FD448BF9AFFh 0x00000046 popad 0x00000047 mov dword ptr [ecx], edx 0x00000049 jmp 00007FD448BFA025h 0x0000004e rcr ch, cl 0x00000050 jbe 00007FD448BFA0D8h 0x00000052 setno ch 0x00000055 jmp 00007FD448BFA130h 0x00000057 mov edx, edi 0x00000059 add edx, 04h 0x0000005c jnl 00007FD448BFA0C3h 0x0000005e jmp 00007FD448BFA0DAh 0x00000060 mov dword ptr [edx], eax 0x00000062 bsf eax, ebp 0x00000065 call 00007FD448BFA103h 0x0000006a pop word ptr [esp] 0x0000006e lea esp, dword ptr [esp+02h] 0x00000072 call 00007FD448BFA0F6h 0x00000077 jmp 00007FD448BFA12Ch 0x00000079 shl eax, 03h 0x0000007c lea edx, dword ptr [00000000h+ebp*4] 0x00000083 inc cx 0x00000085 lea ecx, dword ptr [eax+edi] 0x00000088 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89FABF second address: 000000006C851849 instructions: 0x00000000 rdtsc 0x00000002 sub esp, 03h 0x00000005 jl 00007FD448BF55C7h 0x00000007 mov word ptr [esp], sp 0x0000000b push word ptr [esp+02h] 0x00000010 sub esp, 16h 0x00000013 lea esp, dword ptr [esp+03h] 0x00000017 jmp 00007FD448BF574Ah 0x0000001c sub esi, 08h 0x0000001f pushad 0x00000020 cmc 0x00000021 jl 00007FD448BF5492h 0x00000027 jnl 00007FD448BF548Ch 0x0000002d call 00007FD448BF5571h 0x00000032 pop dword ptr [esp+10h] 0x00000036 jmp 00007FD448BF5576h 0x00000038 xchg edx, ecx 0x0000003a clc 0x0000003b jnp 00007FD448BF55A9h 0x0000003d mov dword ptr [esi], ecx 0x0000003f jmp 00007FD448BF55E3h 0x00000041 mov ch, 19h 0x00000043 mov cx, 60D1h 0x00000047 lea ecx, dword ptr [00000000h+ebx*4] 0x0000004e bsr ecx, edi 0x00000051 jle 00007FD448BF555Fh 0x00000053 jnle 00007FD448BF555Dh 0x00000055 jmp 00007FD448BF557Ah 0x00000057 mov ecx, esi 0x00000059 jmp 00007FD448BF55A6h 0x0000005b add ecx, 04h 0x0000005e jmp 00007FD448BF55DFh 0x00000060 jne 00007FD448BF5547h 0x00000062 mov dword ptr [ecx], eax 0x00000064 bswap eax 0x00000066 mov ecx, esi 0x00000068 jmp 00007FD448BA7216h 0x0000006d rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C85504B instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BFA0F6h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BFA0F6h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BFB1A5h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BFB27Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF9FF3h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BFA11Eh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BFA0D0h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BFA128h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BFA0CAh 0x00000057 jnp 00007FD448BFA0CFh 0x00000059 dec ecx 0x0000005a jmp 00007FD448BAF706h 0x0000005f jmp 00007FD448BFA138h 0x00000061 stc 0x00000062 jnle 00007FD448BFA0A9h 0x00000064 bsf cx, di 0x00000068 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C855094 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BF5596h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BF5596h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BF6645h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BF671Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF5493h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BF55BEh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BF5570h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BF55C8h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BF556Ah 0x00000057 jnp 00007FD448BF556Fh 0x00000059 dec ecx 0x0000005a jmp 00007FD448BAABA6h 0x0000005f jmp 00007FD448BF55D8h 0x00000061 stc 0x00000062 jnle 00007FD448BF5549h 0x00000064 bsf cx, di 0x00000068 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C89E930 second address: 000000006C855094 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD448BFA0F6h 0x00000007 sub edi, 08h 0x0000000a jmp 00007FD448BFA0F6h 0x0000000c pushad 0x0000000d lea esp, dword ptr [esp+01h] 0x00000011 add esp, 16h 0x00000014 jo 00007FD448BFB1A5h 0x0000001a pop dword ptr [esp] 0x0000001d jmp 00007FD448BFB27Ah 0x00000022 lea esp, dword ptr [esp+01h] 0x00000026 jmp 00007FD448BF9FF3h 0x0000002b mov dword ptr [edi], edx 0x0000002d mov dx, cx 0x00000030 setp dh 0x00000033 mov edx, ebx 0x00000035 jmp 00007FD448BFA11Eh 0x00000037 xchg eax, ecx 0x00000038 mov dx, word ptr [esp] 0x0000003c bt edx, edx 0x0000003f jnl 00007FD448BFA0D0h 0x00000041 bt edx, esi 0x00000044 lea edx, dword ptr [00000000h+ebx*4] 0x0000004b jmp 00007FD448BFA128h 0x0000004d mov dword ptr [edi+04h], ecx 0x00000050 bswap ecx 0x00000052 rol cl, 00000006h 0x00000055 jp 00007FD448BFA0CAh 0x00000057 jnp 00007FD448BFA0CFh 0x00000059 dec ecx 0x0000005a jmp 00007FD448BAF706h 0x0000005f jmp 00007FD448BFA138h 0x00000061 stc 0x00000062 jnle 00007FD448BFA0A9h 0x00000064 bsf cx, di 0x00000068 rdtsc |
| Source: C:\Windows\SysWOW64\rundll32.exe | RDTSC instruction interceptor: First address: 000000006C88B7D0 second address: 000000006C88271D instructions: 0x00000000 rdtsc 0x00000002 clc 0x00000003 js 00007FD448BFA1FFh 0x00000009 cmc 0x0000000a cmc 0x0000000b jmp 00007FD448BFA1A9h 0x00000010 sub ebp, 08h 0x00000013 pushad 0x00000014 pop word ptr [esp+05h] 0x00000019 jmp 00007FD448BFA07Ch 0x0000001b lea esp, dword ptr [esp+02h] 0x0000001f xchg edx, ecx 0x00000021 call 00007FD448BFA0D4h 0x00000026 mov word ptr [esp], si 0x0000002a pop word ptr [esp] 0x0000002e lea esp, dword ptr [esp+02h] 0x00000032 jmp 00007FD448BFA121h 0x00000034 mov dword ptr [ebp+00h], ecx 0x00000037 pushfd 0x00000038 neg cx 0x0000003b jnp 00007FD448BFA0CDh 0x0000003d jp 00007FD448BFA110h 0x0000003f mov cx, word ptr [esp+03h] 0x00000044 lea ecx, dword ptr [edx-000000F7h] 0x0000004a jmp 00007FD448BFA0C7h 0x0000004c mov dword ptr [ebp+04h], eax 0x0000004f mov ax, sp 0x00000052 mov ecx, dword ptr [esp] 0x00000055 jmp 00007FD448BF0EBAh 0x0000005a jmp 00007FD448BFA1DEh 0x0000005f xchg eax, ecx 0x00000060 rdtsc |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57ABA mov eax, dword ptr fs:[00000030h] | 0_2_02A57ABA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57ABA mov eax, dword ptr fs:[00000030h] | 0_2_02A57ABA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5D2EB mov eax, dword ptr fs:[00000030h] | 0_2_02A5D2EB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02AA42F0 mov eax, dword ptr fs:[00000030h] | 0_2_02AA42F0 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A782F8 mov eax, dword ptr fs:[00000030h] | 0_2_02A782F8 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A782F8 mov eax, dword ptr fs:[00000030h] | 0_2_02A782F8 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A48AC4 mov eax, dword ptr fs:[00000030h] | 0_2_02A48AC4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8E2C6 mov eax, dword ptr fs:[00000030h] | 0_2_02A8E2C6 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D21B mov eax, dword ptr fs:[00000030h] | 0_2_02A8D21B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D21B mov eax, dword ptr fs:[00000030h] | 0_2_02A8D21B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D21B mov eax, dword ptr fs:[00000030h] | 0_2_02A8D21B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D21B mov eax, dword ptr fs:[00000030h] | 0_2_02A8D21B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D21B mov ecx, dword ptr fs:[00000030h] | 0_2_02A8D21B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A76210 mov eax, dword ptr fs:[00000030h] | 0_2_02A76210 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87A4E mov eax, dword ptr fs:[00000030h] | 0_2_02A87A4E |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87A4E mov ecx, dword ptr fs:[00000030h] | 0_2_02A87A4E |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58250 mov eax, dword ptr fs:[00000030h] | 0_2_02A58250 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58250 mov eax, dword ptr fs:[00000030h] | 0_2_02A58250 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58250 mov eax, dword ptr fs:[00000030h] | 0_2_02A58250 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57A52 mov eax, dword ptr fs:[00000030h] | 0_2_02A57A52 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57A52 mov eax, dword ptr fs:[00000030h] | 0_2_02A57A52 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57A52 mov eax, dword ptr fs:[00000030h] | 0_2_02A57A52 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57A52 mov eax, dword ptr fs:[00000030h] | 0_2_02A57A52 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A46B94 mov ecx, dword ptr fs:[00000030h] | 0_2_02A46B94 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57394 mov eax, dword ptr fs:[00000030h] | 0_2_02A57394 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57394 mov eax, dword ptr fs:[00000030h] | 0_2_02A57394 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57394 mov eax, dword ptr fs:[00000030h] | 0_2_02A57394 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A57394 mov eax, dword ptr fs:[00000030h] | 0_2_02A57394 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A593E3 mov ecx, dword ptr fs:[00000030h] | 0_2_02A593E3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A593E3 mov eax, dword ptr fs:[00000030h] | 0_2_02A593E3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A97BE4 mov eax, dword ptr fs:[00000030h] | 0_2_02A97BE4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A97BE4 mov ecx, dword ptr fs:[00000030h] | 0_2_02A97BE4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A97BE4 mov ecx, dword ptr fs:[00000030h] | 0_2_02A97BE4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5E3F3 mov eax, dword ptr fs:[00000030h] | 0_2_02A5E3F3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5E3F3 mov eax, dword ptr fs:[00000030h] | 0_2_02A5E3F3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5E3F3 mov eax, dword ptr fs:[00000030h] | 0_2_02A5E3F3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55BC8 mov eax, dword ptr fs:[00000030h] | 0_2_02A55BC8 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55BC8 mov eax, dword ptr fs:[00000030h] | 0_2_02A55BC8 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58BDB mov eax, dword ptr fs:[00000030h] | 0_2_02A58BDB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58BDB mov eax, dword ptr fs:[00000030h] | 0_2_02A58BDB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55B14 mov eax, dword ptr fs:[00000030h] | 0_2_02A55B14 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55B14 mov eax, dword ptr fs:[00000030h] | 0_2_02A55B14 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5D344 mov eax, dword ptr fs:[00000030h] | 0_2_02A5D344 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5D344 mov eax, dword ptr fs:[00000030h] | 0_2_02A5D344 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5D344 mov eax, dword ptr fs:[00000030h] | 0_2_02A5D344 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A7F344 mov eax, dword ptr fs:[00000030h] | 0_2_02A7F344 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A7F344 mov eax, dword ptr fs:[00000030h] | 0_2_02A7F344 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A94B4A mov eax, dword ptr fs:[00000030h] | 0_2_02A94B4A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A94B4A mov ecx, dword ptr fs:[00000030h] | 0_2_02A94B4A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A76342 mov eax, dword ptr fs:[00000030h] | 0_2_02A76342 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A578B4 mov eax, dword ptr fs:[00000030h] | 0_2_02A578B4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A578B4 mov eax, dword ptr fs:[00000030h] | 0_2_02A578B4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A578B4 mov eax, dword ptr fs:[00000030h] | 0_2_02A578B4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A578B4 mov eax, dword ptr fs:[00000030h] | 0_2_02A578B4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5E082 mov eax, dword ptr fs:[00000030h] | 0_2_02A5E082 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5E082 mov eax, dword ptr fs:[00000030h] | 0_2_02A5E082 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D0EF mov eax, dword ptr fs:[00000030h] | 0_2_02A8D0EF |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8D0EF mov ecx, dword ptr fs:[00000030h] | 0_2_02A8D0EF |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A460CC mov ebx, dword ptr fs:[00000030h] | 0_2_02A460CC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A460CC mov eax, dword ptr fs:[00000030h] | 0_2_02A460CC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A460CC mov ecx, dword ptr fs:[00000030h] | 0_2_02A460CC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A460CC mov eax, dword ptr fs:[00000030h] | 0_2_02A460CC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A778D4 cmp dword ptr fs:[00000030h], ebx | 0_2_02A778D4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A778D4 mov eax, dword ptr fs:[00000030h] | 0_2_02A778D4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A778D4 mov eax, dword ptr fs:[00000030h] | 0_2_02A778D4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A778D4 mov eax, dword ptr fs:[00000030h] | 0_2_02A778D4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A768DC mov eax, dword ptr fs:[00000030h] | 0_2_02A768DC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A768DC mov eax, dword ptr fs:[00000030h] | 0_2_02A768DC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A76838 mov ecx, dword ptr fs:[00000030h] | 0_2_02A76838 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8206A mov eax, dword ptr fs:[00000030h] | 0_2_02A8206A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8206A mov ecx, dword ptr fs:[00000030h] | 0_2_02A8206A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A479A4 mov eax, dword ptr fs:[00000030h] | 0_2_02A479A4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A479A4 mov eax, dword ptr fs:[00000030h] | 0_2_02A479A4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A479A4 mov eax, dword ptr fs:[00000030h] | 0_2_02A479A4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A769B2 mov eax, dword ptr fs:[00000030h] | 0_2_02A769B2 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A769B2 mov ecx, dword ptr fs:[00000030h] | 0_2_02A769B2 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55994 mov eax, dword ptr fs:[00000030h] | 0_2_02A55994 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55994 mov eax, dword ptr fs:[00000030h] | 0_2_02A55994 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4E9E4 mov eax, dword ptr fs:[00000030h] | 0_2_02A4E9E4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8E1EA mov eax, dword ptr fs:[00000030h] | 0_2_02A8E1EA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8E1EA mov ecx, dword ptr fs:[00000030h] | 0_2_02A8E1EA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8E1EA mov eax, dword ptr fs:[00000030h] | 0_2_02A8E1EA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A971EE mov eax, dword ptr fs:[00000030h] | 0_2_02A971EE |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A971EE mov ecx, dword ptr fs:[00000030h] | 0_2_02A971EE |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A971EE mov ecx, dword ptr fs:[00000030h] | 0_2_02A971EE |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A81121 mov eax, dword ptr fs:[00000030h] | 0_2_02A81121 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A81121 mov eax, dword ptr fs:[00000030h] | 0_2_02A81121 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8194A mov eax, dword ptr fs:[00000030h] | 0_2_02A8194A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02AA4146 mov eax, dword ptr fs:[00000030h] | 0_2_02AA4146 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95E8A mov eax, dword ptr fs:[00000030h] | 0_2_02A95E8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95E8A mov eax, dword ptr fs:[00000030h] | 0_2_02A95E8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95E8A mov eax, dword ptr fs:[00000030h] | 0_2_02A95E8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95E8A mov ecx, dword ptr fs:[00000030h] | 0_2_02A95E8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95E8A mov eax, dword ptr fs:[00000030h] | 0_2_02A95E8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95E8A mov ecx, dword ptr fs:[00000030h] | 0_2_02A95E8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A97E8C mov ecx, dword ptr fs:[00000030h] | 0_2_02A97E8C |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A97E8C mov ecx, dword ptr fs:[00000030h] | 0_2_02A97E8C |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58EE3 mov eax, dword ptr fs:[00000030h] | 0_2_02A58EE3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58EE3 mov eax, dword ptr fs:[00000030h] | 0_2_02A58EE3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58EE3 mov ecx, dword ptr fs:[00000030h] | 0_2_02A58EE3 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4CED4 mov eax, dword ptr fs:[00000030h] | 0_2_02A4CED4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4CED4 mov ecx, dword ptr fs:[00000030h] | 0_2_02A4CED4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96637 mov eax, dword ptr fs:[00000030h] | 0_2_02A96637 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96637 mov eax, dword ptr fs:[00000030h] | 0_2_02A96637 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96637 mov eax, dword ptr fs:[00000030h] | 0_2_02A96637 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96637 mov eax, dword ptr fs:[00000030h] | 0_2_02A96637 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96637 mov eax, dword ptr fs:[00000030h] | 0_2_02A96637 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96637 mov ecx, dword ptr fs:[00000030h] | 0_2_02A96637 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96E47 mov eax, dword ptr fs:[00000030h] | 0_2_02A96E47 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FE58 mov ecx, dword ptr fs:[00000030h] | 0_2_02A4FE58 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FE58 mov eax, dword ptr fs:[00000030h] | 0_2_02A4FE58 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A95FB9 mov eax, dword ptr fs:[00000030h] | 0_2_02A95FB9 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02AA3FB4 mov eax, dword ptr fs:[00000030h] | 0_2_02AA3FB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02AA3FB4 mov eax, dword ptr fs:[00000030h] | 0_2_02AA3FB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02AA3FB4 mov eax, dword ptr fs:[00000030h] | 0_2_02AA3FB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02AA3FB4 mov eax, dword ptr fs:[00000030h] | 0_2_02AA3FB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A50FBB mov eax, dword ptr fs:[00000030h] | 0_2_02A50FBB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A50FBB mov eax, dword ptr fs:[00000030h] | 0_2_02A50FBB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A50FBB mov eax, dword ptr fs:[00000030h] | 0_2_02A50FBB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A50FBB mov eax, dword ptr fs:[00000030h] | 0_2_02A50FBB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A50FBB mov eax, dword ptr fs:[00000030h] | 0_2_02A50FBB |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5CFF4 mov eax, dword ptr fs:[00000030h] | 0_2_02A5CFF4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96FD7 mov eax, dword ptr fs:[00000030h] | 0_2_02A96FD7 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96FD7 mov ecx, dword ptr fs:[00000030h] | 0_2_02A96FD7 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A96FD7 mov ecx, dword ptr fs:[00000030h] | 0_2_02A96FD7 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A7FF23 mov eax, dword ptr fs:[00000030h] | 0_2_02A7FF23 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A7FF23 mov eax, dword ptr fs:[00000030h] | 0_2_02A7FF23 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A80707 mov eax, dword ptr fs:[00000030h] | 0_2_02A80707 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A80707 mov eax, dword ptr fs:[00000030h] | 0_2_02A80707 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A45F16 mov eax, dword ptr fs:[00000030h] | 0_2_02A45F16 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A45F16 mov eax, dword ptr fs:[00000030h] | 0_2_02A45F16 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A45F16 mov eax, dword ptr fs:[00000030h] | 0_2_02A45F16 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A77F14 mov eax, dword ptr fs:[00000030h] | 0_2_02A77F14 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A77F14 mov eax, dword ptr fs:[00000030h] | 0_2_02A77F14 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FF1F mov eax, dword ptr fs:[00000030h] | 0_2_02A4FF1F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FF1F mov ecx, dword ptr fs:[00000030h] | 0_2_02A4FF1F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FF1F mov eax, dword ptr fs:[00000030h] | 0_2_02A4FF1F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FF1F mov eax, dword ptr fs:[00000030h] | 0_2_02A4FF1F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FF1F mov eax, dword ptr fs:[00000030h] | 0_2_02A4FF1F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4FF1F mov eax, dword ptr fs:[00000030h] | 0_2_02A4FF1F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5171B mov eax, dword ptr fs:[00000030h] | 0_2_02A5171B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A47CA4 mov eax, dword ptr fs:[00000030h] | 0_2_02A47CA4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A47CA4 mov ecx, dword ptr fs:[00000030h] | 0_2_02A47CA4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A47CA4 mov eax, dword ptr fs:[00000030h] | 0_2_02A47CA4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A564A4 mov eax, dword ptr fs:[00000030h] | 0_2_02A564A4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A564A4 mov eax, dword ptr fs:[00000030h] | 0_2_02A564A4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A77CBC mov eax, dword ptr fs:[00000030h] | 0_2_02A77CBC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A77CBC mov eax, dword ptr fs:[00000030h] | 0_2_02A77CBC |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A9A4B6 mov eax, dword ptr fs:[00000030h] | 0_2_02A9A4B6 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A9A4B6 mov ecx, dword ptr fs:[00000030h] | 0_2_02A9A4B6 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A9649F mov eax, dword ptr fs:[00000030h] | 0_2_02A9649F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A9649F mov eax, dword ptr fs:[00000030h] | 0_2_02A9649F |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A7F4CA mov eax, dword ptr fs:[00000030h] | 0_2_02A7F4CA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A7F4CA mov ecx, dword ptr fs:[00000030h] | 0_2_02A7F4CA |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55CD0 mov eax, dword ptr fs:[00000030h] | 0_2_02A55CD0 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A80CD5 mov eax, dword ptr fs:[00000030h] | 0_2_02A80CD5 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A80CD5 mov eax, dword ptr fs:[00000030h] | 0_2_02A80CD5 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A80CD5 mov eax, dword ptr fs:[00000030h] | 0_2_02A80CD5 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A46C24 mov eax, dword ptr fs:[00000030h] | 0_2_02A46C24 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A46C24 mov ecx, dword ptr fs:[00000030h] | 0_2_02A46C24 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A45C24 mov eax, dword ptr fs:[00000030h] | 0_2_02A45C24 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A81440 mov eax, dword ptr fs:[00000030h] | 0_2_02A81440 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A81440 mov eax, dword ptr fs:[00000030h] | 0_2_02A81440 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5844E mov eax, dword ptr fs:[00000030h] | 0_2_02A5844E |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5844E mov eax, dword ptr fs:[00000030h] | 0_2_02A5844E |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5844E mov eax, dword ptr fs:[00000030h] | 0_2_02A5844E |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5844E mov eax, dword ptr fs:[00000030h] | 0_2_02A5844E |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A8BC57 mov eax, dword ptr fs:[00000030h] | 0_2_02A8BC57 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A81D8A mov eax, dword ptr fs:[00000030h] | 0_2_02A81D8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A81D8A mov ecx, dword ptr fs:[00000030h] | 0_2_02A81D8A |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5958C mov ecx, dword ptr fs:[00000030h] | 0_2_02A5958C |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5958C mov eax, dword ptr fs:[00000030h] | 0_2_02A5958C |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87DC4 mov eax, dword ptr fs:[00000030h] | 0_2_02A87DC4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87DC4 mov eax, dword ptr fs:[00000030h] | 0_2_02A87DC4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87DC4 mov eax, dword ptr fs:[00000030h] | 0_2_02A87DC4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87DC4 mov eax, dword ptr fs:[00000030h] | 0_2_02A87DC4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A87DC4 mov ecx, dword ptr fs:[00000030h] | 0_2_02A87DC4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A905C6 mov esi, dword ptr fs:[00000030h] | 0_2_02A905C6 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A46504 mov eax, dword ptr fs:[00000030h] | 0_2_02A46504 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A46504 mov ecx, dword ptr fs:[00000030h] | 0_2_02A46504 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A46504 mov eax, dword ptr fs:[00000030h] | 0_2_02A46504 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A45D11 mov eax, dword ptr fs:[00000030h] | 0_2_02A45D11 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A45D11 mov eax, dword ptr fs:[00000030h] | 0_2_02A45D11 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4951B mov eax, dword ptr fs:[00000030h] | 0_2_02A4951B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4951B mov eax, dword ptr fs:[00000030h] | 0_2_02A4951B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A4951B mov eax, dword ptr fs:[00000030h] | 0_2_02A4951B |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55D74 mov eax, dword ptr fs:[00000030h] | 0_2_02A55D74 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A55D74 mov eax, dword ptr fs:[00000030h] | 0_2_02A55D74 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58D54 mov eax, dword ptr fs:[00000030h] | 0_2_02A58D54 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58D54 mov eax, dword ptr fs:[00000030h] | 0_2_02A58D54 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A58D54 mov ecx, dword ptr fs:[00000030h] | 0_2_02A58D54 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5CD54 mov eax, dword ptr fs:[00000030h] | 0_2_02A5CD54 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5CD54 mov eax, dword ptr fs:[00000030h] | 0_2_02A5CD54 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5CD54 mov eax, dword ptr fs:[00000030h] | 0_2_02A5CD54 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A59AB4 mov eax, dword ptr fs:[00000030h] | 0_2_02A59AB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A59AB4 mov eax, dword ptr fs:[00000030h] | 0_2_02A59AB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A59AB4 mov eax, dword ptr fs:[00000030h] | 0_2_02A59AB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A59AB4 mov eax, dword ptr fs:[00000030h] | 0_2_02A59AB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A59AB4 mov eax, dword ptr fs:[00000030h] | 0_2_02A59AB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A59AB4 mov eax, dword ptr fs:[00000030h] | 0_2_02A59AB4 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5B399 mov eax, dword ptr fs:[00000030h] | 0_2_02A5B399 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5B399 mov eax, dword ptr fs:[00000030h] | 0_2_02A5B399 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5B399 mov eax, dword ptr fs:[00000030h] | 0_2_02A5B399 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5B399 mov eax, dword ptr fs:[00000030h] | 0_2_02A5B399 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5B399 mov eax, dword ptr fs:[00000030h] | 0_2_02A5B399 |
| Source: C:\Windows\System32\loaddll32.exe | Code function: 0_2_02A5B399 mov eax, dword ptr fs:[00000030h] | 0_2_02A5B399 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470465 mov eax, dword ptr fs:[00000030h] | 3_2_04470465 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470465 mov eax, dword ptr fs:[00000030h] | 3_2_04470465 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470465 mov eax, dword ptr fs:[00000030h] | 3_2_04470465 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470465 mov eax, dword ptr fs:[00000030h] | 3_2_04470465 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EC7D mov ebx, dword ptr fs:[00000030h] | 3_2_0445EC7D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EC7D mov eax, dword ptr fs:[00000030h] | 3_2_0445EC7D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EC7D mov ecx, dword ptr fs:[00000030h] | 3_2_0445EC7D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EC7D mov eax, dword ptr fs:[00000030h] | 3_2_0445EC7D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449AC1B mov eax, dword ptr fs:[00000030h] | 3_2_0449AC1B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449AC1B mov ecx, dword ptr fs:[00000030h] | 3_2_0449AC1B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499CD2 mov eax, dword ptr fs:[00000030h] | 3_2_04499CD2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499CD2 mov eax, dword ptr fs:[00000030h] | 3_2_04499CD2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449A4FB mov eax, dword ptr fs:[00000030h] | 3_2_0449A4FB |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044BCCF7 mov eax, dword ptr fs:[00000030h] | 3_2_044BCCF7 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0448F48D mov eax, dword ptr fs:[00000030h] | 3_2_0448F48D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0448F48D mov eax, dword ptr fs:[00000030h] | 3_2_0448F48D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490485 cmp dword ptr fs:[00000030h], ebx | 3_2_04490485 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490485 mov eax, dword ptr fs:[00000030h] | 3_2_04490485 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490485 mov eax, dword ptr fs:[00000030h] | 3_2_04490485 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490485 mov eax, dword ptr fs:[00000030h] | 3_2_04490485 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5CA0 mov eax, dword ptr fs:[00000030h] | 3_2_044A5CA0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5CA0 mov ecx, dword ptr fs:[00000030h] | 3_2_044A5CA0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E545 mov eax, dword ptr fs:[00000030h] | 3_2_0446E545 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E545 mov eax, dword ptr fs:[00000030h] | 3_2_0446E545 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04460555 mov eax, dword ptr fs:[00000030h] | 3_2_04460555 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04460555 mov eax, dword ptr fs:[00000030h] | 3_2_04460555 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04460555 mov eax, dword ptr fs:[00000030h] | 3_2_04460555 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0448F563 mov eax, dword ptr fs:[00000030h] | 3_2_0448F563 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0448F563 mov ecx, dword ptr fs:[00000030h] | 3_2_0448F563 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5DCC mov eax, dword ptr fs:[00000030h] | 3_2_044A5DCC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5DCC mov eax, dword ptr fs:[00000030h] | 3_2_044A5DCC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5DCC mov eax, dword ptr fs:[00000030h] | 3_2_044A5DCC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5DCC mov eax, dword ptr fs:[00000030h] | 3_2_044A5DCC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A5DCC mov ecx, dword ptr fs:[00000030h] | 3_2_044A5DCC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0448EDC1 mov eax, dword ptr fs:[00000030h] | 3_2_0448EDC1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A05FF mov eax, dword ptr fs:[00000030h] | 3_2_044A05FF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A05FF mov ecx, dword ptr fs:[00000030h] | 3_2_044A05FF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A6D9B mov eax, dword ptr fs:[00000030h] | 3_2_044A6D9B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A6D9B mov ecx, dword ptr fs:[00000030h] | 3_2_044A6D9B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A6D9B mov eax, dword ptr fs:[00000030h] | 3_2_044A6D9B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04467595 mov eax, dword ptr fs:[00000030h] | 3_2_04467595 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AFD9F mov eax, dword ptr fs:[00000030h] | 3_2_044AFD9F |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AFD9F mov ecx, dword ptr fs:[00000030h] | 3_2_044AFD9F |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AFD9F mov ecx, dword ptr fs:[00000030h] | 3_2_044AFD9F |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0447066B mov eax, dword ptr fs:[00000030h] | 3_2_0447066B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0447066B mov eax, dword ptr fs:[00000030h] | 3_2_0447066B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04461675 mov eax, dword ptr fs:[00000030h] | 3_2_04461675 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A6E77 mov eax, dword ptr fs:[00000030h] | 3_2_044A6E77 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470603 mov eax, dword ptr fs:[00000030h] | 3_2_04470603 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470603 mov eax, dword ptr fs:[00000030h] | 3_2_04470603 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470603 mov eax, dword ptr fs:[00000030h] | 3_2_04470603 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470603 mov eax, dword ptr fs:[00000030h] | 3_2_04470603 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470E01 mov eax, dword ptr fs:[00000030h] | 3_2_04470E01 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470E01 mov eax, dword ptr fs:[00000030h] | 3_2_04470E01 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470E01 mov eax, dword ptr fs:[00000030h] | 3_2_04470E01 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E6C5 mov eax, dword ptr fs:[00000030h] | 3_2_0446E6C5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E6C5 mov eax, dword ptr fs:[00000030h] | 3_2_0446E6C5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AD6FB mov eax, dword ptr fs:[00000030h] | 3_2_044AD6FB |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AD6FB mov ecx, dword ptr fs:[00000030h] | 3_2_044AD6FB |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475EF5 mov eax, dword ptr fs:[00000030h] | 3_2_04475EF5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475EF5 mov eax, dword ptr fs:[00000030h] | 3_2_04475EF5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475EF5 mov eax, dword ptr fs:[00000030h] | 3_2_04475EF5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0448EEF3 mov eax, dword ptr fs:[00000030h] | 3_2_0448EEF3 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04497EF5 mov eax, dword ptr fs:[00000030h] | 3_2_04497EF5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04497EF5 mov eax, dword ptr fs:[00000030h] | 3_2_04497EF5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475E9C mov eax, dword ptr fs:[00000030h] | 3_2_04475E9C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490EA9 mov eax, dword ptr fs:[00000030h] | 3_2_04490EA9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490EA9 mov eax, dword ptr fs:[00000030h] | 3_2_04490EA9 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044BCEA1 mov eax, dword ptr fs:[00000030h] | 3_2_044BCEA1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445F745 mov ecx, dword ptr fs:[00000030h] | 3_2_0445F745 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446FF45 mov eax, dword ptr fs:[00000030h] | 3_2_0446FF45 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446FF45 mov eax, dword ptr fs:[00000030h] | 3_2_0446FF45 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446FF45 mov eax, dword ptr fs:[00000030h] | 3_2_0446FF45 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446FF45 mov eax, dword ptr fs:[00000030h] | 3_2_0446FF45 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E779 mov eax, dword ptr fs:[00000030h] | 3_2_0446E779 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E779 mov eax, dword ptr fs:[00000030h] | 3_2_0446E779 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445F7D5 mov eax, dword ptr fs:[00000030h] | 3_2_0445F7D5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445F7D5 mov ecx, dword ptr fs:[00000030h] | 3_2_0445F7D5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445E7D5 mov eax, dword ptr fs:[00000030h] | 3_2_0445E7D5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499FF1 mov eax, dword ptr fs:[00000030h] | 3_2_04499FF1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499FF1 mov eax, dword ptr fs:[00000030h] | 3_2_04499FF1 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470FFF mov eax, dword ptr fs:[00000030h] | 3_2_04470FFF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470FFF mov eax, dword ptr fs:[00000030h] | 3_2_04470FFF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470FFF mov eax, dword ptr fs:[00000030h] | 3_2_04470FFF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04470FFF mov eax, dword ptr fs:[00000030h] | 3_2_04470FFF |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0447178C mov eax, dword ptr fs:[00000030h] | 3_2_0447178C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0447178C mov eax, dword ptr fs:[00000030h] | 3_2_0447178C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471F94 mov ecx, dword ptr fs:[00000030h] | 3_2_04471F94 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471F94 mov eax, dword ptr fs:[00000030h] | 3_2_04471F94 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B0795 mov eax, dword ptr fs:[00000030h] | 3_2_044B0795 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B0795 mov ecx, dword ptr fs:[00000030h] | 3_2_044B0795 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B0795 mov ecx, dword ptr fs:[00000030h] | 3_2_044B0795 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04460855 mov eax, dword ptr fs:[00000030h] | 3_2_04460855 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04460855 mov ecx, dword ptr fs:[00000030h] | 3_2_04460855 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04460855 mov eax, dword ptr fs:[00000030h] | 3_2_04460855 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446F055 mov eax, dword ptr fs:[00000030h] | 3_2_0446F055 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446F055 mov eax, dword ptr fs:[00000030h] | 3_2_0446F055 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF050 mov eax, dword ptr fs:[00000030h] | 3_2_044AF050 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF050 mov eax, dword ptr fs:[00000030h] | 3_2_044AF050 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449086D mov eax, dword ptr fs:[00000030h] | 3_2_0449086D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449086D mov eax, dword ptr fs:[00000030h] | 3_2_0449086D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B3067 mov eax, dword ptr fs:[00000030h] | 3_2_044B3067 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B3067 mov ecx, dword ptr fs:[00000030h] | 3_2_044B3067 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449807B mov eax, dword ptr fs:[00000030h] | 3_2_0449807B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449807B mov ecx, dword ptr fs:[00000030h] | 3_2_0449807B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A4808 mov eax, dword ptr fs:[00000030h] | 3_2_044A4808 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445E8C2 mov eax, dword ptr fs:[00000030h] | 3_2_0445E8C2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445E8C2 mov eax, dword ptr fs:[00000030h] | 3_2_0445E8C2 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044620CC mov eax, dword ptr fs:[00000030h] | 3_2_044620CC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044620CC mov eax, dword ptr fs:[00000030h] | 3_2_044620CC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044620CC mov eax, dword ptr fs:[00000030h] | 3_2_044620CC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E881 mov eax, dword ptr fs:[00000030h] | 3_2_0446E881 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499886 mov eax, dword ptr fs:[00000030h] | 3_2_04499886 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499886 mov eax, dword ptr fs:[00000030h] | 3_2_04499886 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04499886 mov eax, dword ptr fs:[00000030h] | 3_2_04499886 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445F0B5 mov eax, dword ptr fs:[00000030h] | 3_2_0445F0B5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445F0B5 mov ecx, dword ptr fs:[00000030h] | 3_2_0445F0B5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445F0B5 mov eax, dword ptr fs:[00000030h] | 3_2_0445F0B5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A9177 mov esi, dword ptr fs:[00000030h] | 3_2_044A9177 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A0975 mov eax, dword ptr fs:[00000030h] | 3_2_044A0975 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A0975 mov eax, dword ptr fs:[00000030h] | 3_2_044A0975 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A0975 mov eax, dword ptr fs:[00000030h] | 3_2_044A0975 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A0975 mov eax, dword ptr fs:[00000030h] | 3_2_044A0975 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044A0975 mov ecx, dword ptr fs:[00000030h] | 3_2_044A0975 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471905 mov eax, dword ptr fs:[00000030h] | 3_2_04471905 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471905 mov eax, dword ptr fs:[00000030h] | 3_2_04471905 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471905 mov ecx, dword ptr fs:[00000030h] | 3_2_04471905 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475905 mov eax, dword ptr fs:[00000030h] | 3_2_04475905 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475905 mov eax, dword ptr fs:[00000030h] | 3_2_04475905 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475905 mov eax, dword ptr fs:[00000030h] | 3_2_04475905 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E925 mov eax, dword ptr fs:[00000030h] | 3_2_0446E925 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446E925 mov eax, dword ptr fs:[00000030h] | 3_2_0446E925 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449A93B mov eax, dword ptr fs:[00000030h] | 3_2_0449A93B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0449A93B mov ecx, dword ptr fs:[00000030h] | 3_2_0449A93B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0447213D mov ecx, dword ptr fs:[00000030h] | 3_2_0447213D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0447213D mov eax, dword ptr fs:[00000030h] | 3_2_0447213D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF1E8 mov eax, dword ptr fs:[00000030h] | 3_2_044AF1E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF1E8 mov eax, dword ptr fs:[00000030h] | 3_2_044AF1E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF1E8 mov eax, dword ptr fs:[00000030h] | 3_2_044AF1E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF1E8 mov eax, dword ptr fs:[00000030h] | 3_2_044AF1E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF1E8 mov eax, dword ptr fs:[00000030h] | 3_2_044AF1E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF1E8 mov ecx, dword ptr fs:[00000030h] | 3_2_044AF1E8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AF9F8 mov eax, dword ptr fs:[00000030h] | 3_2_044AF9F8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468A09 mov ecx, dword ptr fs:[00000030h] | 3_2_04468A09 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468A09 mov eax, dword ptr fs:[00000030h] | 3_2_04468A09 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEA3B mov eax, dword ptr fs:[00000030h] | 3_2_044AEA3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEA3B mov eax, dword ptr fs:[00000030h] | 3_2_044AEA3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEA3B mov eax, dword ptr fs:[00000030h] | 3_2_044AEA3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEA3B mov ecx, dword ptr fs:[00000030h] | 3_2_044AEA3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEA3B mov eax, dword ptr fs:[00000030h] | 3_2_044AEA3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEA3B mov ecx, dword ptr fs:[00000030h] | 3_2_044AEA3B |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B0A3D mov ecx, dword ptr fs:[00000030h] | 3_2_044B0A3D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044B0A3D mov ecx, dword ptr fs:[00000030h] | 3_2_044B0A3D |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EAC7 mov eax, dword ptr fs:[00000030h] | 3_2_0445EAC7 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EAC7 mov eax, dword ptr fs:[00000030h] | 3_2_0445EAC7 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0445EAC7 mov eax, dword ptr fs:[00000030h] | 3_2_0445EAC7 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_0446A2CC mov eax, dword ptr fs:[00000030h] | 3_2_0446A2CC |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490AC5 mov eax, dword ptr fs:[00000030h] | 3_2_04490AC5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04490AC5 mov eax, dword ptr fs:[00000030h] | 3_2_04490AC5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468AD0 mov eax, dword ptr fs:[00000030h] | 3_2_04468AD0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468AD0 mov ecx, dword ptr fs:[00000030h] | 3_2_04468AD0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468AD0 mov eax, dword ptr fs:[00000030h] | 3_2_04468AD0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468AD0 mov eax, dword ptr fs:[00000030h] | 3_2_04468AD0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468AD0 mov eax, dword ptr fs:[00000030h] | 3_2_04468AD0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04468AD0 mov eax, dword ptr fs:[00000030h] | 3_2_04468AD0 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04498AD4 mov eax, dword ptr fs:[00000030h] | 3_2_04498AD4 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04498AD4 mov eax, dword ptr fs:[00000030h] | 3_2_04498AD4 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04465A85 mov eax, dword ptr fs:[00000030h] | 3_2_04465A85 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04465A85 mov ecx, dword ptr fs:[00000030h] | 3_2_04465A85 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471A94 mov eax, dword ptr fs:[00000030h] | 3_2_04471A94 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471A94 mov eax, dword ptr fs:[00000030h] | 3_2_04471A94 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04471A94 mov ecx, dword ptr fs:[00000030h] | 3_2_04471A94 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044992B8 mov eax, dword ptr fs:[00000030h] | 3_2_044992B8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044992B8 mov eax, dword ptr fs:[00000030h] | 3_2_044992B8 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AEB6A mov eax, dword ptr fs:[00000030h] | 3_2_044AEB6A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04469B6C mov eax, dword ptr fs:[00000030h] | 3_2_04469B6C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04469B6C mov eax, dword ptr fs:[00000030h] | 3_2_04469B6C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04469B6C mov eax, dword ptr fs:[00000030h] | 3_2_04469B6C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04469B6C mov eax, dword ptr fs:[00000030h] | 3_2_04469B6C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04469B6C mov eax, dword ptr fs:[00000030h] | 3_2_04469B6C |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044BCB65 mov eax, dword ptr fs:[00000030h] | 3_2_044BCB65 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044BCB65 mov eax, dword ptr fs:[00000030h] | 3_2_044BCB65 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044BCB65 mov eax, dword ptr fs:[00000030h] | 3_2_044BCB65 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044BCB65 mov eax, dword ptr fs:[00000030h] | 3_2_044BCB65 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AFB88 mov eax, dword ptr fs:[00000030h] | 3_2_044AFB88 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AFB88 mov ecx, dword ptr fs:[00000030h] | 3_2_044AFB88 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_044AFB88 mov ecx, dword ptr fs:[00000030h] | 3_2_044AFB88 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04475BA5 mov eax, dword ptr fs:[00000030h] | 3_2_04475BA5 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04472665 mov eax, dword ptr fs:[00000030h] | 3_2_04472665 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04472665 mov eax, dword ptr fs:[00000030h] | 3_2_04472665 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04472665 mov eax, dword ptr fs:[00000030h] | 3_2_04472665 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04472665 mov eax, dword ptr fs:[00000030h] | 3_2_04472665 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04472665 mov eax, dword ptr fs:[00000030h] | 3_2_04472665 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04472665 mov eax, dword ptr fs:[00000030h] | 3_2_04472665 |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04473F4A mov eax, dword ptr fs:[00000030h] | 3_2_04473F4A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04473F4A mov eax, dword ptr fs:[00000030h] | 3_2_04473F4A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04473F4A mov eax, dword ptr fs:[00000030h] | 3_2_04473F4A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04473F4A mov eax, dword ptr fs:[00000030h] | 3_2_04473F4A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04473F4A mov eax, dword ptr fs:[00000030h] | 3_2_04473F4A |
| Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_04473F4A mov eax, dword ptr fs:[00000030h] | 3_2_04473F4A |
Edit tour
loaddll32.exe (PID: 7248 cmdline: 
conhost.exe (PID: 7256 cmdline: 
rundll32.exe (PID: 7304 cmdline: 
WerFault.exe (PID: 7728 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node