Windows Analysis Report
7eDrKI88k8.exe

Overview

General Information

Sample name: 7eDrKI88k8.exe
renamed because original name is a hash value
Original sample name: de977c9c79ceebdf86d4cb38408d7ce4.exe
Analysis ID: 1579681
MD5: de977c9c79ceebdf86d4cb38408d7ce4
SHA1: 2ffb19e7bc8109bb8033c1d6e25f4ae2fe49b3c6
SHA256: ad3fb64aaa0680e21de914b77e3502a6c82860f333fa3d2415cb9a7a93b9b893
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Entry point lies outside standard sections
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files

AV Detection

Source: 7eDrKI88k8.exe Avira: detected
Source: 7eDrKI88k8.exe Virustotal: Detection: 50%
Source: 7eDrKI88k8.exe ReversingLabs: Detection: 65%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: 7eDrKI88k8.exe Joe Sandbox ML: detected
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_ed16da56-f
Source: 7eDrKI88k8.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: Joe Sandbox View IP Address: 98.85.100.80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.fivetk5ht.top
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000002.2441395812.0000000001F9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851
Source: 7eDrKI88k8.exe, 00000000.00000002.2441395812.0000000001F9E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv17345798514fd4
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fivetk5ht.top/zldPRFrmVFHTtKntGpOv1734579851http://home.fivetk5ht.top/zldPRFrmVFHTtKntGp
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: Amcache.hve.4.dr String found in binary or memory: http://upx.sf.net
Source: 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704

System Summary

Source: 7eDrKI88k8.exe Static PE information: section name:
Source: 7eDrKI88k8.exe Static PE information: section name: .idata
Source: 7eDrKI88k8.exe Static PE information: section name:
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 1128
Source: 7eDrKI88k8.exe Static PE information: Section: urwcuhgx ZLIB complexity 0.9946540782540587
Source: classification engine Classification label: mal100.evad.winEXE@2/5@14/1
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6412
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\451d30d5-545b-4b97-98ac-37e60048c818
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\7eDrKI88k8.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 7eDrKI88k8.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: unknown Process created: C:\Users\user\Desktop\7eDrKI88k8.exe "C:\Users\user\Desktop\7eDrKI88k8.exe"
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Section loaded: windowscodecs.dll
Source: 7eDrKI88k8.exe Static file information: File size 4453888 > 1048576
Source: 7eDrKI88k8.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x284c00
Source: 7eDrKI88k8.exe Static PE information: Raw size of urwcuhgx is bigger than: 0x100000 < 0x1b6e00

Data Obfuscation

Source: C:\Users\user\Desktop\7eDrKI88k8.exe Unpacked PE file: 0.2.7eDrKI88k8.exe.c30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;urwcuhgx:EW;hijjtfti:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;urwcuhgx:EW;hijjtfti:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: 7eDrKI88k8.exe Static PE information: real checksum: 0x445c88 should be: 0x4459bc
Source: 7eDrKI88k8.exe Static PE information: section name:
Source: 7eDrKI88k8.exe Static PE information: section name: .idata
Source: 7eDrKI88k8.exe Static PE information: section name:
Source: 7eDrKI88k8.exe Static PE information: section name: urwcuhgx
Source: 7eDrKI88k8.exe Static PE information: section name: hijjtfti
Source: 7eDrKI88k8.exe Static PE information: section name: .taggant
Source: 7eDrKI88k8.exe Static PE information: section name: urwcuhgx entropy: 7.956495964615325

Boot Survival

Source: C:\Users\user\Desktop\7eDrKI88k8.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Window searched: window name: Filemonclass
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\7eDrKI88k8.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\7eDrKI88k8.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1513498 second address: 151349C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151349C second address: 15134AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnl 00007FD4D8D06B86h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15134AB second address: 15134B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15134B3 second address: 15134C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FD4D8D06B86h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15134C2 second address: 15134E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FD4D8EEB837h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnl 00007FD4D8EEB826h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15134E8 second address: 1513516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8D06B97h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4D8D06B90h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1514901 second address: 151491A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8EEB835h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151491A second address: 151491E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151491E second address: 151493A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8EEB833h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151493A second address: 1514940 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1514940 second address: 151494E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jnp 00007FD4D8EEB826h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151494E second address: 1514954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E5C7C second address: 14E5C87 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007FD4D8EEB826h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E40D6 second address: 14E40DD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E40DD second address: 14E4146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 je 00007FD4D8EEB84Bh 0x0000000b jmp 00007FD4D8EEB837h 0x00000010 jmp 00007FD4D8EEB82Eh 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pushad 0x00000018 jg 00007FD4D8EEB843h 0x0000001e jmp 00007FD4D8EEB82Ch 0x00000023 pushad 0x00000024 push edi 0x00000025 pop edi 0x00000026 push eax 0x00000027 pop eax 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E4146 second address: 14E414F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E414F second address: 14E4153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E4153 second address: 14E4157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151A517 second address: 151A51B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E9B4 second address: 151E9C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FD4D8D06B86h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E050 second address: 151E056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E056 second address: 151E061 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FD4D8D06B86h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E061 second address: 151E066 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E066 second address: 151E074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FD4D8D06B86h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E7EB second address: 151E7F0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E7F0 second address: 151E820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8D06B97h 0x00000009 pop ebx 0x0000000a push edi 0x0000000b jmp 00007FD4D8D06B8Ch 0x00000010 pop edi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E820 second address: 151E826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 151E826 second address: 151E84A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FD4D8D06B86h 0x0000000a jmp 00007FD4D8D06B8Ch 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD4D8D06B8Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1521E91 second address: 1521E97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1521F00 second address: 1521F04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1521F04 second address: 1521F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a ja 00007FD4D8EEB83Fh 0x00000010 push edx 0x00000011 jmp 00007FD4D8EEB837h 0x00000016 pop edx 0x00000017 mov eax, dword ptr [eax] 0x00000019 jns 00007FD4D8EEB83Ah 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FD4D8EEB82Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1522255 second address: 152225B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15225DC second address: 15225E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15225E5 second address: 15225E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15225E9 second address: 15225FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FD4D8EEB82Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1522F7E second address: 1522F92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1522F92 second address: 1522F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15235C2 second address: 15235C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1523F28 second address: 1523F2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1523F2C second address: 1523F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1523F32 second address: 1523F38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1523F38 second address: 1523F3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1523F3C second address: 1523F40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1523FD8 second address: 1523FDE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15259BC second address: 15259F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FD4D8EEB837h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f mov dword ptr [ebp+122D29E0h], edx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 mov dword ptr [ebp+122D3214h], esi 0x0000001f push eax 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15257C5 second address: 15257CB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15259F3 second address: 15259F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152786B second address: 152786F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152786F second address: 1527891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4D8EEB836h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152765F second address: 1527663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1527891 second address: 152789B instructions: 0x00000000 rdtsc 0x00000002 je 00007FD4D8EEB826h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152789B second address: 1527913 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jnc 00007FD4D8D06B86h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f jmp 00007FD4D8D06B99h 0x00000014 push 00000000h 0x00000016 xor dword ptr [ebp+122D1A5Bh], esi 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebx 0x00000021 call 00007FD4D8D06B88h 0x00000026 pop ebx 0x00000027 mov dword ptr [esp+04h], ebx 0x0000002b add dword ptr [esp+04h], 0000001Ah 0x00000033 inc ebx 0x00000034 push ebx 0x00000035 ret 0x00000036 pop ebx 0x00000037 ret 0x00000038 push edi 0x00000039 call 00007FD4D8D06B94h 0x0000003e mov si, cx 0x00000041 pop esi 0x00000042 pop esi 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 jg 00007FD4D8D06B86h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15283E1 second address: 15283E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1528118 second address: 152811C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152811C second address: 1528126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152A32D second address: 152A3A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007FD4D8D06B88h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 jne 00007FD4D8D06B8Ch 0x00000029 jmp 00007FD4D8D06B8Ah 0x0000002e push 00000000h 0x00000030 mov dword ptr [ebp+12478083h], eax 0x00000036 push 00000000h 0x00000038 je 00007FD4D8D06B9Bh 0x0000003e jmp 00007FD4D8D06B95h 0x00000043 push eax 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007FD4D8D06B8Fh 0x0000004b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1528126 second address: 152812A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152A3A3 second address: 152A3A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152CA8F second address: 152CAF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB833h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push eax 0x0000000c jg 00007FD4D8EEB826h 0x00000012 pop eax 0x00000013 pop eax 0x00000014 nop 0x00000015 xor dword ptr [ebp+122D320Fh], edi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007FD4D8EEB828h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 0000001Ah 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 push 00000000h 0x00000039 mov edi, esi 0x0000003b push eax 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007FD4D8EEB830h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152FA18 second address: 152FA2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152EC8B second address: 152ED09 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FD4D8EEB836h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007FD4D8EEB82Ch 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 nop 0x00000018 jno 00007FD4D8EEB82Ch 0x0000001e mov edi, dword ptr [ebp+122D3687h] 0x00000024 push dword ptr fs:[00000000h] 0x0000002b xor bx, 4F0Fh 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 and bl, FFFFFFE1h 0x0000003a mov eax, dword ptr [ebp+122D08F1h] 0x00000040 mov ebx, dword ptr [ebp+122D36B7h] 0x00000046 push FFFFFFFFh 0x00000048 or dword ptr [ebp+122D2827h], esi 0x0000004e nop 0x0000004f jnc 00007FD4D8EEB832h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152ED09 second address: 152ED13 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD4D8D06B86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 152ED13 second address: 152ED19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1533136 second address: 153313A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 153313A second address: 1533140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1533140 second address: 15331AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d cmc 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FD4D8D06B88h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007FD4D8D06B88h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 pushad 0x00000047 adc edi, 42326500h 0x0000004d or ecx, 29548085h 0x00000053 popad 0x00000054 xchg eax, esi 0x00000055 push eax 0x00000056 push edx 0x00000057 jo 00007FD4D8D06B88h 0x0000005d push ecx 0x0000005e pop ecx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15331AF second address: 15331CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB830h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FD4D8EEB82Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15331CE second address: 15331D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1533364 second address: 153340D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB832h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+124474B8h], edi 0x00000012 push dword ptr fs:[00000000h] 0x00000019 xor dword ptr [ebp+122D3363h], edi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push eax 0x00000029 call 00007FD4D8EEB828h 0x0000002e pop eax 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 add dword ptr [esp+04h], 0000001Bh 0x0000003b inc eax 0x0000003c push eax 0x0000003d ret 0x0000003e pop eax 0x0000003f ret 0x00000040 mov ebx, dword ptr [ebp+12458AA0h] 0x00000046 mov eax, dword ptr [ebp+122D0EB5h] 0x0000004c mov dword ptr [ebp+122D3472h], eax 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push edx 0x00000057 call 00007FD4D8EEB828h 0x0000005c pop edx 0x0000005d mov dword ptr [esp+04h], edx 0x00000061 add dword ptr [esp+04h], 0000001Ch 0x00000069 inc edx 0x0000006a push edx 0x0000006b ret 0x0000006c pop edx 0x0000006d ret 0x0000006e call 00007FD4D8EEB82Ah 0x00000073 mov bx, E4B3h 0x00000077 pop edi 0x00000078 mov edi, dword ptr [ebp+122D37EFh] 0x0000007e nop 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push edi 0x00000083 pop edi 0x00000084 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15342E7 second address: 15342EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15360B2 second address: 15360B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15360B6 second address: 15360BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15342EB second address: 153435C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov bl, 85h 0x0000000c push dword ptr fs:[00000000h] 0x00000013 pushad 0x00000014 sub esi, dword ptr [ebp+122D3653h] 0x0000001a call 00007FD4D8EEB82Ch 0x0000001f cld 0x00000020 pop ebx 0x00000021 popad 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push edi 0x0000002a jnl 00007FD4D8EEB829h 0x00000030 pop ebx 0x00000031 mov eax, dword ptr [ebp+122D0805h] 0x00000037 jbe 00007FD4D8EEB82Ch 0x0000003d mov edi, dword ptr [ebp+122D385Fh] 0x00000043 push FFFFFFFFh 0x00000045 pushad 0x00000046 jnl 00007FD4D8EEB828h 0x0000004c sub dword ptr [ebp+122D2831h], edx 0x00000052 popad 0x00000053 push eax 0x00000054 pushad 0x00000055 jns 00007FD4D8EEB828h 0x0000005b js 00007FD4D8EEB82Ch 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15360BC second address: 153615A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007FD4D8D06B90h 0x0000000f nop 0x00000010 add dword ptr [ebp+122D350Ch], ebx 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push eax 0x0000001b call 00007FD4D8D06B88h 0x00000020 pop eax 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc eax 0x0000002e push eax 0x0000002f ret 0x00000030 pop eax 0x00000031 ret 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FD4D8D06B88h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 00000017h 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e jmp 00007FD4D8D06B98h 0x00000053 add dword ptr [ebp+122D31B4h], ecx 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c jnp 00007FD4D8D06B98h 0x00000062 jmp 00007FD4D8D06B92h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 153615A second address: 153615F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15371BA second address: 15371BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15371BE second address: 15371C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15371C2 second address: 1537242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FD4D8D06B8Ch 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jne 00007FD4D8D06B86h 0x00000016 jc 00007FD4D8D06B86h 0x0000001c popad 0x0000001d push ecx 0x0000001e jmp 00007FD4D8D06B99h 0x00000023 pop ecx 0x00000024 popad 0x00000025 nop 0x00000026 push 00000000h 0x00000028 mov dword ptr [ebp+122D1782h], ecx 0x0000002e push ecx 0x0000002f mov ebx, edi 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FD4D8D06B88h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e mov bl, D4h 0x00000050 pushad 0x00000051 stc 0x00000052 mov ah, 50h 0x00000054 popad 0x00000055 xchg eax, esi 0x00000056 push edi 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157480A second address: 157482E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FD4D8EEB837h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157482E second address: 1574834 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1574834 second address: 157483A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157483A second address: 1574840 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15773BF second address: 15773CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FD4D8EEB82Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15770A7 second address: 15770B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD4D8D06B86h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15770B1 second address: 15770BB instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD4D8EEB826h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15770BB second address: 15770E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4D8D06B99h 0x00000009 jmp 00007FD4D8D06B8Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157C155 second address: 157C160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157EECB second address: 157EED1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157EED1 second address: 157EED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157EED7 second address: 157EF0F instructions: 0x00000000 rdtsc 0x00000002 jo 00007FD4D8D06B9Eh 0x00000008 jmp 00007FD4D8D06B98h 0x0000000d jmp 00007FD4D8D06B8Dh 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 jne 00007FD4D8D06BA4h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157EF0F second address: 157EF33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8EEB838h 0x00000009 jg 00007FD4D8EEB82Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157F4CD second address: 157F4D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157F4D1 second address: 157F4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157F4DA second address: 157F4E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157F4E4 second address: 157F4EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 157F4EA second address: 157F512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8D06B92h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FD4D8D06B8Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1585310 second address: 158531B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FD4D8EEB826h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158531B second address: 158533C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FD4D8D06B92h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1583C83 second address: 1583C87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1583C87 second address: 1583CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FD4D8D06B99h 0x0000000c popad 0x0000000d jng 00007FD4D8D06B94h 0x00000013 pushad 0x00000014 jnp 00007FD4D8D06B86h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1583DEA second address: 1583E16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB834h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jp 00007FD4D8EEB82Ah 0x00000010 pushad 0x00000011 jp 00007FD4D8EEB826h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1583E16 second address: 1583E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1583F8D second address: 1583F9C instructions: 0x00000000 rdtsc 0x00000002 js 00007FD4D8EEB826h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15840F0 second address: 15840FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1584250 second address: 1584256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1584256 second address: 158425C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15843F7 second address: 1584427 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FD4D8EEB82Eh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push esi 0x00000015 jmp 00007FD4D8EEB82Bh 0x0000001a push eax 0x0000001b push edx 0x0000001c jno 00007FD4D8EEB826h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15213FC second address: 1521491 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B96h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b jmp 00007FD4D8D06B96h 0x00000010 nop 0x00000011 pushad 0x00000012 call 00007FD4D8D06B8Dh 0x00000017 sub cx, 2C80h 0x0000001c pop edx 0x0000001d pushad 0x0000001e mov ax, bx 0x00000021 mov eax, dword ptr [ebp+122D38BFh] 0x00000027 popad 0x00000028 popad 0x00000029 mov ebx, dword ptr [ebp+12478466h] 0x0000002f mov ecx, dword ptr [ebp+122D28D8h] 0x00000035 add eax, ebx 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a call 00007FD4D8D06B88h 0x0000003f pop edi 0x00000040 mov dword ptr [esp+04h], edi 0x00000044 add dword ptr [esp+04h], 0000001Ch 0x0000004c inc edi 0x0000004d push edi 0x0000004e ret 0x0000004f pop edi 0x00000050 ret 0x00000051 mov edx, 769CD496h 0x00000056 nop 0x00000057 jc 00007FD4D8D06B98h 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1521491 second address: 1521495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1521495 second address: 15214BE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FD4D8D06B86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FD4D8D06B95h 0x00000011 js 00007FD4D8D06B8Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158501A second address: 158501E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158501E second address: 1585050 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B94h 0x00000007 jmp 00007FD4D8D06B94h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1585050 second address: 1585056 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1585056 second address: 158505D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158FCC1 second address: 158FCE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 je 00007FD4D8EEB826h 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD4D8EEB839h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158FCE9 second address: 158FD02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158FD02 second address: 158FD06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158DF66 second address: 158DF6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158E0CE second address: 158E100 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB835h 0x00000007 jmp 00007FD4D8EEB839h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158E638 second address: 158E64B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD4D8D06B86h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158E64B second address: 158E64F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158E64F second address: 158E655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EED2 second address: 158EEFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FD4D8EEB832h 0x0000000a jo 00007FD4D8EEB826h 0x00000010 js 00007FD4D8EEB826h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FD4D8EEB831h 0x0000001d push eax 0x0000001e pop eax 0x0000001f rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EEFD second address: 158EF01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EF01 second address: 158EF0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EF0F second address: 158EF42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007FD4D8D06B8Fh 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FD4D8D06B99h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EF42 second address: 158EF48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EF48 second address: 158EF4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158EF4C second address: 158EF52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F462 second address: 158F466 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F466 second address: 158F48C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8EEB839h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F48C second address: 158F49C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007FD4D8D06B92h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F49C second address: 158F4A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FD4D8EEB826h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F71C second address: 158F720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F720 second address: 158F733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 jl 00007FD4D8EEB844h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158F733 second address: 158F737 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 158FA2F second address: 158FA39 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FD4D8EEB82Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593E18 second address: 1593E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593E1C second address: 1593E20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593E20 second address: 1593E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jnp 00007FD4D8D06B86h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593E30 second address: 1593E3A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FD4D8EEB826h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593E3A second address: 1593E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d jnc 00007FD4D8D06B86h 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FD4D8D06B98h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f jne 00007FD4D8D06B86h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593E72 second address: 1593E76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1592F97 second address: 1592FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jno 00007FD4D8D06B86h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FD4D8D06B8Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1592FB3 second address: 1592FDA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FD4D8EEB826h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FD4D8EEB82Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007FD4D8EEB826h 0x0000001b jp 00007FD4D8EEB826h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1592FDA second address: 1592FE4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FD4D8D06B86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1592FE4 second address: 1592FE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1592FE9 second address: 1592FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15935B7 second address: 15935BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15935BB second address: 15935BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593707 second address: 159370B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159370B second address: 1593711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593829 second address: 159382D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159382D second address: 1593831 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 1593831 second address: 1593841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jbe 00007FD4D8EEB826h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15939DE second address: 15939E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159EC6A second address: 159EC70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159EC70 second address: 159EC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159EC74 second address: 159EC84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FD4D8EEB826h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159F7B6 second address: 159F7D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8D06B8Eh 0x00000009 ja 00007FD4D8D06B86h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159F7D3 second address: 159F7DB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159F928 second address: 159F92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159F92C second address: 159F949 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB839h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 159F949 second address: 159F950 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 14E412F second address: 14E4146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FD4D8EEB82Ch 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15A7EB9 second address: 15A7EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15A7EBD second address: 15A7ED7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB831h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15A7ED7 second address: 15A7EEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FD4D8D06B86h 0x0000000a jnc 00007FD4D8D06B86h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15B6A6B second address: 15B6A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15B6A71 second address: 15B6A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 15B6A7C second address: 15B6A80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A008D4 second address: 7A008D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A008D8 second address: 7A008DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A008DE second address: 7A008FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esi+34h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD4D8EEB830h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A008FF second address: 7A0090E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0090E second address: 7A00913 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00913 second address: 7A00927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, AF88h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+18h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00927 second address: 7A0092B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0092B second address: 7A00931 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00931 second address: 7A00975 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB82Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+38h], eax 0x0000000c jmp 00007FD4D8EEB836h 0x00000011 mov eax, dword ptr [ebx+1Ch] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FD4D8EEB837h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00975 second address: 7A009C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+3Ch], eax 0x0000000c jmp 00007FD4D8D06B8Eh 0x00000011 mov eax, dword ptr [ebx+20h] 0x00000014 jmp 00007FD4D8D06B90h 0x00000019 mov dword ptr [esi+40h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push ebx 0x00000020 pop ecx 0x00000021 mov dx, 4F4Ch 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A009C3 second address: 7A009F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB832h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+00000080h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD4D8EEB837h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A009F8 second address: 7A009FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A009FE second address: 7A00A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00A02 second address: 7A00A2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FD4D8D06B95h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00A2C second address: 7A00A3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4D8EEB82Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00A3C second address: 7A00A80 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c pushad 0x0000000d mov ecx, 405F7E2Bh 0x00000012 mov ecx, 6B55D207h 0x00000017 popad 0x00000018 push eax 0x00000019 jmp 00007FD4D8D06B8Dh 0x0000001e nop 0x0000001f jmp 00007FD4D8D06B8Eh 0x00000024 lea eax, dword ptr [ebp-10h] 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00A80 second address: 7A00A84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00A84 second address: 7A00A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00B52 second address: 7A00B58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00B58 second address: 7A00B97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FD4D8D06B8Ah 0x0000000b add eax, 1814A658h 0x00000011 jmp 00007FD4D8D06B8Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esi+04h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FD4D8D06B95h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00B97 second address: 7A00BA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4D8EEB82Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00BA7 second address: 7A00BCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebx+78h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD4D8D06B90h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00BCF second address: 7A00BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00BD5 second address: 7A00BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4D8D06B8Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00BE6 second address: 7A00C3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB831h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 00000001h 0x0000000d pushad 0x0000000e mov dx, cx 0x00000011 mov esi, 49CF179Fh 0x00000016 popad 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b movsx ebx, ax 0x0000001e pushfd 0x0000001f jmp 00007FD4D8EEB838h 0x00000024 add esi, 55D73A38h 0x0000002a jmp 00007FD4D8EEB82Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00C3C second address: 7A00C7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FD4D8D06B91h 0x0000000f nop 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FD4D8D06B8Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00C7B second address: 7A00C81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00C81 second address: 7A00C85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00C85 second address: 7A00CA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB833h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b lea eax, dword ptr [ebp-08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00CA7 second address: 7A00CAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00CAB second address: 7A00CC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB837h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00E09 second address: 7A00E0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00E0F second address: 7A00E98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 pushfd 0x00000006 jmp 00007FD4D8EEB836h 0x0000000b adc esi, 022B7048h 0x00000011 jmp 00007FD4D8EEB82Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [esi+08h], eax 0x0000001d jmp 00007FD4D8EEB836h 0x00000022 lea eax, dword ptr [ebx+70h] 0x00000025 jmp 00007FD4D8EEB830h 0x0000002a push 00000001h 0x0000002c jmp 00007FD4D8EEB830h 0x00000031 nop 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FD4D8EEB837h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00E98 second address: 7A00F7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD4D8D06B8Fh 0x00000009 add eax, 5F61DDFEh 0x0000000f jmp 00007FD4D8D06B99h 0x00000014 popfd 0x00000015 push ecx 0x00000016 pop edi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c jmp 00007FD4D8D06B93h 0x00000021 pushfd 0x00000022 jmp 00007FD4D8D06B98h 0x00000027 adc ax, 5F58h 0x0000002c jmp 00007FD4D8D06B8Bh 0x00000031 popfd 0x00000032 popad 0x00000033 nop 0x00000034 jmp 00007FD4D8D06B96h 0x00000039 lea eax, dword ptr [ebp-18h] 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007FD4D8D06B8Eh 0x00000043 sub cx, B0E8h 0x00000048 jmp 00007FD4D8D06B8Bh 0x0000004d popfd 0x0000004e pushfd 0x0000004f jmp 00007FD4D8D06B98h 0x00000054 and cx, C348h 0x00000059 jmp 00007FD4D8D06B8Bh 0x0000005e popfd 0x0000005f popad 0x00000060 nop 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00F7D second address: 7A00F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A00F81 second address: 7A00F87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01052 second address: 7A01097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FD546E19E7Eh 0x0000000b jmp 00007FD4D8EEB82Ch 0x00000010 mov eax, dword ptr [ebp-14h] 0x00000013 jmp 00007FD4D8EEB830h 0x00000018 mov ecx, esi 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FD4D8EEB837h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01097 second address: 7A010FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FD4D8D06B8Bh 0x00000009 add esi, 4696D3DEh 0x0000000f jmp 00007FD4D8D06B99h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [esi+0Ch], eax 0x0000001b jmp 00007FD4D8D06B8Eh 0x00000020 mov edx, 759B06ECh 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov ax, bx 0x0000002b jmp 00007FD4D8D06B99h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A010FF second address: 7A01122 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB831h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub eax, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FD4D8EEB82Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01122 second address: 7A0114C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock cmpxchg dword ptr [edx], ecx 0x0000000d pushad 0x0000000e call 00007FD4D8D06B94h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0114C second address: 7A01221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007FD4D8EEB831h 0x0000000b jmp 00007FD4D8EEB82Bh 0x00000010 popfd 0x00000011 popad 0x00000012 pop edi 0x00000013 jmp 00007FD4D8EEB836h 0x00000018 test eax, eax 0x0000001a jmp 00007FD4D8EEB830h 0x0000001f jne 00007FD546E19D69h 0x00000025 jmp 00007FD4D8EEB830h 0x0000002a mov edx, dword ptr [ebp+08h] 0x0000002d jmp 00007FD4D8EEB830h 0x00000032 mov eax, dword ptr [esi] 0x00000034 pushad 0x00000035 push eax 0x00000036 pushfd 0x00000037 jmp 00007FD4D8EEB839h 0x0000003c jmp 00007FD4D8EEB82Bh 0x00000041 popfd 0x00000042 pop ecx 0x00000043 popad 0x00000044 mov dword ptr [edx], eax 0x00000046 jmp 00007FD4D8EEB82Fh 0x0000004b mov eax, dword ptr [esi+04h] 0x0000004e jmp 00007FD4D8EEB836h 0x00000053 mov dword ptr [edx+04h], eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01221 second address: 7A0123E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B99h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0123E second address: 7A01288 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov dl, al 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007FD4D8EEB82Ch 0x00000016 pop ecx 0x00000017 pushfd 0x00000018 jmp 00007FD4D8EEB82Bh 0x0000001d and cx, 745Eh 0x00000022 jmp 00007FD4D8EEB839h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01288 second address: 7A012C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B91h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+08h], eax 0x0000000c pushad 0x0000000d call 00007FD4D8D06B98h 0x00000012 mov dx, ax 0x00000015 pop esi 0x00000016 popad 0x00000017 mov eax, dword ptr [esi+0Ch] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A012C7 second address: 7A012CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A012CB second address: 7A012D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A012D1 second address: 7A012D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A012D7 second address: 7A012DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A012DB second address: 7A01320 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8EEB833h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+0Ch], eax 0x0000000e pushad 0x0000000f mov ecx, 51E806EBh 0x00000014 push eax 0x00000015 push edx 0x00000016 pushfd 0x00000017 jmp 00007FD4D8EEB82Eh 0x0000001c or ecx, 5E27C778h 0x00000022 jmp 00007FD4D8EEB82Bh 0x00000027 popfd 0x00000028 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01320 second address: 7A01364 instructions: 0x00000000 rdtsc 0x00000002 call 00007FD4D8D06B98h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esi+10h] 0x0000000e jmp 00007FD4D8D06B91h 0x00000013 mov dword ptr [edx+10h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FD4D8D06B8Dh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01364 second address: 7A01374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4D8EEB82Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01374 second address: 7A013A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FD4D8D06B8Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+14h] 0x0000000e jmp 00007FD4D8D06B96h 0x00000013 mov dword ptr [edx+14h], eax 0x00000016 pushad 0x00000017 movzx ecx, dx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A013A7 second address: 7A01429 instructions: 0x00000000 rdtsc 0x00000002 mov cl, 40h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esi+18h] 0x0000000a pushad 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FD4D8EEB833h 0x00000012 jmp 00007FD4D8EEB833h 0x00000017 popfd 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b pushfd 0x0000001c jmp 00007FD4D8EEB836h 0x00000021 or eax, 3D71B5B8h 0x00000027 jmp 00007FD4D8EEB82Bh 0x0000002c popfd 0x0000002d popad 0x0000002e mov dword ptr [edx+18h], eax 0x00000031 jmp 00007FD4D8EEB836h 0x00000036 mov eax, dword ptr [esi+1Ch] 0x00000039 pushad 0x0000003a mov bl, al 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01429 second address: 7A0144B instructions: 0x00000000 rdtsc 0x00000002 movzx esi, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov dword ptr [edx+1Ch], eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e call 00007FD4D8D06B93h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0144B second address: 7A01473 instructions: 0x00000000 rdtsc 0x00000002 mov dx, 15BCh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD4D8EEB838h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01473 second address: 7A01477 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01477 second address: 7A0147D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0147D second address: 7A01503 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 mov si, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [edx+20h], eax 0x0000000f pushad 0x00000010 pushad 0x00000011 mov dl, 22h 0x00000013 mov si, 416Fh 0x00000017 popad 0x00000018 pushfd 0x00000019 jmp 00007FD4D8D06B94h 0x0000001e jmp 00007FD4D8D06B95h 0x00000023 popfd 0x00000024 popad 0x00000025 mov eax, dword ptr [esi+24h] 0x00000028 jmp 00007FD4D8D06B8Eh 0x0000002d mov dword ptr [edx+24h], eax 0x00000030 pushad 0x00000031 jmp 00007FD4D8D06B8Eh 0x00000036 jmp 00007FD4D8D06B92h 0x0000003b popad 0x0000003c mov eax, dword ptr [esi+28h] 0x0000003f pushad 0x00000040 popad 0x00000041 mov dword ptr [edx+28h], eax 0x00000044 pushad 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01503 second address: 7A01519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dx, 5DD2h 0x00000009 popad 0x0000000a mov ecx, dword ptr [esi+2Ch] 0x0000000d pushad 0x0000000e mov edi, 2318D52Ah 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A01519 second address: 7A015B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [edx+2Ch], ecx 0x00000009 pushad 0x0000000a mov dh, AFh 0x0000000c popad 0x0000000d mov ax, word ptr [esi+30h] 0x00000011 pushad 0x00000012 push ebx 0x00000013 mov edi, eax 0x00000015 pop ecx 0x00000016 popad 0x00000017 mov word ptr [edx+30h], ax 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FD4D8D06B8Dh 0x00000022 add ecx, 55BAB606h 0x00000028 jmp 00007FD4D8D06B91h 0x0000002d popfd 0x0000002e pushad 0x0000002f pushfd 0x00000030 jmp 00007FD4D8D06B8Eh 0x00000035 sub ch, FFFFFFA8h 0x00000038 jmp 00007FD4D8D06B8Bh 0x0000003d popfd 0x0000003e pushfd 0x0000003f jmp 00007FD4D8D06B98h 0x00000044 or esi, 4E749708h 0x0000004a jmp 00007FD4D8D06B8Bh 0x0000004f popfd 0x00000050 popad 0x00000051 popad 0x00000052 mov ax, word ptr [esi+32h] 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A015B1 second address: 7A015B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A015B5 second address: 7A015BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A015BB second address: 7A015D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, esi 0x00000005 mov di, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [edx+32h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FD4D8EEB82Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A015D9 second address: 7A015F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+34h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FD4D8D06B8Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A015F4 second address: 7A0160C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FD4D8EEB834h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0160C second address: 7A0161E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+34h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movzx ecx, bx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe RDTSC instruction interceptor: First address: 7A0161E second address: 7A01624 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Special instruction interceptor: First address: 151A433 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Special instruction interceptor: First address: 137BA36 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Special instruction interceptor: First address: 15AD3AD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Code function: 0_2_079D0ADB rdtsc 0_2_079D0ADB
Source: C:\Users\user\Desktop\7eDrKI88k8.exe API coverage: 4.6 %
Source: C:\Users\user\Desktop\7eDrKI88k8.exe TID: 5064 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\7eDrKI88k8.exe File Volume queried: C:\ FullSizeInformation
Source: 7eDrKI88k8.exe, 7eDrKI88k8.exe, 00000000.00000002.2440805498.00000000014F7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 7eDrKI88k8.exe, 00000000.00000003.2112448237.0000000001FD1000.00000004.00000020.00020000.00000000.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2113001663.0000000001FD4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: Amcache.hve.4.dr Binary or memory string: VMware
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
Source: 7eDrKI88k8.exe, 00000000.00000003.2114947049.0000000007261000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlK'
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: 7eDrKI88k8.exe, 00000000.00000002.2441395812.0000000001F9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
Source: 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.4.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: 7eDrKI88k8.exe, 00000000.00000002.2440805498.00000000014F7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.4.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\7eDrKI88k8.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\7eDrKI88k8.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\7eDrKI88k8.exe File opened: NTICE
Source: C:\Users\user\Desktop\7eDrKI88k8.exe File opened: SICE
Source: C:\Users\user\Desktop\7eDrKI88k8.exe File opened: SIWVID
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Code function: 0_2_079D0ADB rdtsc 0_2_079D0ADB
Source: 7eDrKI88k8.exe, 7eDrKI88k8.exe, 00000000.00000002.2440805498.00000000014F7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: &Program Manager
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\7eDrKI88k8.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
Source: 7eDrKI88k8.exe, 00000000.00000002.2440292828.000000000120D000.00000040.00000001.01000000.00000003.sdmp, 7eDrKI88k8.exe, 00000000.00000003.2081400495.0000000007CD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe