Play interactive tour

Edit tour

Analysis Report fnp_my.dll

Overview

General Information

Sample Name:	fnp_my.dll
Analysis ID:	345244
MD5:	9e7f0e102da06fea22b2f42c7023f4d0
SHA1:	18bf04d09683aa5c664e0ccf52ac205a974ed9cd
SHA256:	8126a938b442f7fb4d8a405efb6db33890c1b34f8a886bbf764bb618eafe392d
Most interesting Screenshot:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Abnormal high CPU Usage

Antivirus or Machine Learning detection for unpacked file

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Entry point lies outside standard sections

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Classification

Startup

System is w10x64

loaddll32.exe (PID: 6540 cmdline: loaddll32.exe 'C:\Users\user\Desktop\fnp_my.dll' MD5: 2D39D4DFDE8F7151723794029AB8A034)

rundll32.exe (PID: 6780 cmdline: rundll32.exe C:\Users\user\Desktop\fnp_my.dll,TMethodImplementationIntercept MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6924 cmdline: rundll32.exe C:\Users\user\Desktop\fnp_my.dll,__dbk_fcall_wrapper MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 7056 cmdline: rundll32.exe C:\Users\user\Desktop\fnp_my.dll,dbkFCallWrapperAddr MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: fnp_my.dll

Avira: detected

Multi AV Scanner detection for submitted file

Show sources

Source: fnp_my.dll	Virustotal: Detection: 34%			Perma Link
Source: fnp_my.dll	ReversingLabs: Detection: 45%

Machine Learning detection for sample

Show sources

Source: fnp_my.dll

Joe Sandbox ML: detected

Source: 0.1.loaddll32.exe.ea0000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 3.2.rundll32.exe.4a10000.1.unpack	Avira: Label: TR/Crypt.TPM.Gen
Source: 0.1.loaddll32.exe.ea0000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 3.1.rundll32.exe.4a10000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 0.1.loaddll32.exe.ea0000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 2.1.rundll32.exe.4c90000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 4.1.rundll32.exe.4dd0000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 4.1.rundll32.exe.4dd0000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 0.1.loaddll32.exe.ea0000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 2.1.rundll32.exe.4c90000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2
Source: 3.1.rundll32.exe.4a10000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen2

Compliance:

Uses 32bit PE files

Show sources

Source: fnp_my.dll

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI

System Summary:

PE file contains section with special chars

Show sources

Source: fnp_my.dll	Static PE information: section name:
Source: fnp_my.dll	Static PE information: section name: .idata
Source: fnp_my.dll	Static PE information: section name:

Source: C:\Windows\SysWOW64\rundll32.exe

Process Stats: CPU usage > 98%

Source: fnp_my.dll

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI

Source: fnp_my.dll	Static PE information: Section: ZLIB complexity 0.998778400398
Source: fnp_my.dll	Static PE information: Section: pdnzzolr ZLIB complexity 1.021484375

Source: classification engine

Classification label: mal80.evad.winDLL@7/2@0/0

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,TMethodImplementationIntercept

Source: fnp_my.dll	Virustotal: Detection: 34%
Source: fnp_my.dll	ReversingLabs: Detection: 45%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\fnp_my.dll'
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,TMethodImplementationIntercept
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,__dbk_fcall_wrapper
Source: unknown	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,dbkFCallWrapperAddr
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,TMethodImplementationIntercept
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,__dbk_fcall_wrapper
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\fnp_my.dll,dbkFCallWrapperAddr

Source: C:\Windows\System32\loaddll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: fnp_my.dll

Static file information: File size 5310464 > 1048576

Source: fnp_my.dll

Static PE information: Raw size of ipjhmkim is bigger than: 0x100000 < 0x4a7800

Data Obfuscation:

Source: initial sample

Static PE information: section where entry point is pointing to: pdnzzolr

Source: fnp_my.dll	Static PE information: section name:
Source: fnp_my.dll	Static PE information: section name: .idata
Source: fnp_my.dll	Static PE information: section name:
Source: fnp_my.dll	Static PE information: section name: ipjhmkim
Source: fnp_my.dll	Static PE information: section name: pdnzzolr

Source: initial sample	Static PE information: section name: entropy: 7.98647327711
Source: initial sample	Static PE information: section name: pdnzzolr entropy: 7.23203811633

Hooking and other Techniques for Hiding and Protection:

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Show sources

Source: C:\Windows\System32\loaddll32.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Windows\System32\loaddll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D21 second address: 00000000010D3D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D29 second address: 00000000010D3D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D2D second address: 00000000010D3D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F20E4DE65B6h 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D3F second address: 00000000010D3D43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D43 second address: 00000000010D3D51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F20E4DE65B6h 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D51 second address: 00000000010D3D55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D3D55 second address: 00000000010D3D71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F20E4DE65C2h 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D31AE second address: 00000000010D31B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D31B6 second address: 00000000010D31C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F20E4DE65B6h 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D32DC second address: 00000000010D32E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D32E1 second address: 00000000010D32EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D32EA second address: 00000000010D3330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F20E47CC1E6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007F20E47CC20Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F20E47CC1E6h 0x00000019 jmp 00007F20E47CC1DBh 0x0000001e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6C09 second address: 00000000010D6C1C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F20E4DE65B8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6C1C second address: 00000000010D6C70 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F20E47CC1D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F20E47CC1DCh 0x00000014 pop eax 0x00000015 mov edx, 3A282E57h 0x0000001a push 00000003h 0x0000001c sub ch, FFFFFF8Eh 0x0000001f push 00000000h 0x00000021 or dword ptr [ebp+1D9A180Bh], ecx 0x00000027 add ecx, dword ptr [ebp+1D9A3695h] 0x0000002d push 00000003h 0x0000002f mov ecx, dword ptr [ebp+1D9A347Dh] 0x00000035 mov edi, 44465A1Ch 0x0000003a push ABAFC7FEh 0x0000003f push esi 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F20E47CC1DBh 0x00000047 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6C70 second address: 00000000010D6CE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4DE65C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a add dword ptr [esp], 14503802h 0x00000011 call 00007F20E4DE65C0h 0x00000016 clc 0x00000017 pop edx 0x00000018 lea ebx, dword ptr [ebp+1DA91A6Eh] 0x0000001e and ecx, dword ptr [ebp+1D9A37E5h] 0x00000024 call 00007F20E4DE65BFh 0x00000029 pushad 0x0000002a mov di, BDA5h 0x0000002e mov ebx, dword ptr [ebp+1D9A2854h] 0x00000034 popad 0x00000035 pop ecx 0x00000036 xchg eax, ebx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a push ecx 0x0000003b pop ecx 0x0000003c jmp 00007F20E4DE65C0h 0x00000041 popad 0x00000042 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6D5B second address: 00000000010D6D78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6D78 second address: 00000000010D6E40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F20E4DE65C4h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 movsx ecx, di 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+1D9A269Fh], esi 0x0000001b mov di, si 0x0000001e push EFE87F46h 0x00000023 jc 00007F20E4DE65D1h 0x00000029 add dword ptr [esp], 1017813Ah 0x00000030 mov ecx, dword ptr [ebp+1D9A36A9h] 0x00000036 mov edx, dword ptr [ebp+1D9A3685h] 0x0000003c push 00000003h 0x0000003e jbe 00007F20E4DE65C3h 0x00000044 push 00000000h 0x00000046 mov cx, 8172h 0x0000004a push 00000003h 0x0000004c movzx edi, dx 0x0000004f call 00007F20E4DE65B9h 0x00000054 jmp 00007F20E4DE65C5h 0x00000059 push eax 0x0000005a ja 00007F20E4DE65C5h 0x00000060 push edx 0x00000061 jmp 00007F20E4DE65BDh 0x00000066 pop edx 0x00000067 mov eax, dword ptr [esp+04h] 0x0000006b jnc 00007F20E4DE65C4h 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6E40 second address: 00000000010D6E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6E44 second address: 00000000010D6EA1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jmp 00007F20E4DE65BBh 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push ecx 0x00000012 push edi 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop edi 0x00000016 pop ecx 0x00000017 pop eax 0x00000018 mov si, 0CA2h 0x0000001c jg 00007F20E4DE65B6h 0x00000022 lea ebx, dword ptr [ebp+1DA91A77h] 0x00000028 sub dword ptr [ebp+1DA8DE52h], ecx 0x0000002e xchg eax, ebx 0x0000002f pushad 0x00000030 pushad 0x00000031 jmp 00007F20E4DE65C7h 0x00000036 je 00007F20E4DE65B6h 0x0000003c popad 0x0000003d jc 00007F20E4DE65BCh 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D6F49 second address: 00000000010D6FAF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F20E47CC1D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b nop 0x0000000c xor dword ptr [ebp+1D9A1813h], esi 0x00000012 mov dx, si 0x00000015 push 00000000h 0x00000017 mov dword ptr [ebp+1D9A19A1h], edi 0x0000001d call 00007F20E47CC1D9h 0x00000022 push edi 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 pop edx 0x00000027 pop edi 0x00000028 push eax 0x00000029 jmp 00007F20E47CC1E1h 0x0000002e mov eax, dword ptr [esp+04h] 0x00000032 jbe 00007F20E47CC1EEh 0x00000038 jc 00007F20E47CC1E8h 0x0000003e jmp 00007F20E47CC1E2h 0x00000043 mov eax, dword ptr [eax] 0x00000045 push esi 0x00000046 push ecx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010D7076 second address: 00000000010D707B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA3F8 second address: 00000000010FA3FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA3FD second address: 00000000010FA403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA403 second address: 00000000010FA40C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA40C second address: 00000000010FA410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA410 second address: 00000000010FA414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F817F second address: 00000000010F8183 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8183 second address: 00000000010F8199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F20E47CC1D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jnp 00007F20E47CC1D6h 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8199 second address: 00000000010F819D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F819D second address: 00000000010F81A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F82FC second address: 00000000010F8301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8301 second address: 00000000010F8308 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F847B second address: 00000000010F8497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F20E4DE65C7h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8497 second address: 00000000010F849D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F849D second address: 00000000010F84A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8783 second address: 00000000010F8789 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8789 second address: 00000000010F878F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F878F second address: 00000000010F87A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F87A4 second address: 00000000010F87CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4DE65C5h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F20E4DE65DBh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F87CA second address: 00000000010F87CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8931 second address: 00000000010F8937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8937 second address: 00000000010F8963 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E47CC1DAh 0x00000009 jmp 00007F20E47CC1DDh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F20E47CC1DCh 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8AF2 second address: 00000000010F8B18 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20E4DE65D1h 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8B18 second address: 00000000010F8B1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8CCA second address: 00000000010F8CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8CCE second address: 00000000010F8CF2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 je 00007F20E47CC1D6h 0x0000000f pushad 0x00000010 popad 0x00000011 jl 00007F20E47CC1D6h 0x00000017 push edi 0x00000018 pop edi 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c ja 00007F20E47CC1D6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8CF2 second address: 00000000010F8CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8CF6 second address: 00000000010F8CFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F8CFA second address: 00000000010F8D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F20E4DE65BAh 0x0000000d popad 0x0000000e push edi 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007F20E4DE65B6h 0x0000001d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F926E second address: 00000000010F92A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1DDh 0x00000007 jmp 00007F20E47CC1E7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jns 00007F20E47CC1D6h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F92A2 second address: 00000000010F92B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007F20E4DE65B6h 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F93BC second address: 00000000010F93D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F20E47CC1E0h 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F93D4 second address: 00000000010F9408 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jmp 00007F20E4DE65C9h 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F20E4DE65BCh 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010BA995 second address: 00000000010BA99A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F9565 second address: 00000000010F959D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F20E4DE65C6h 0x0000000a jmp 00007F20E4DE65C7h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F9CE2 second address: 00000000010F9CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010F9CE6 second address: 00000000010F9CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA298 second address: 00000000010FA2A6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F20E47CC1E2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FA2A6 second address: 00000000010FA2AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FF2B0 second address: 00000000010FF2C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F20E47CC1D6h 0x00000009 jg 00007F20E47CC1D6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FDCD2 second address: 00000000010FDCD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010FDCD6 second address: 00000000010FDCDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110BE4C second address: 000000000110BE5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F20E4DE65B6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001108E64 second address: 0000000001108E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001108FEB second address: 000000000110900E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F20E4DE65B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F20E4DE65BBh 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jnl 00007F20E4DE65B6h 0x0000001d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011092E0 second address: 00000000011092E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011095B3 second address: 00000000011095DC instructions: 0x00000000 rdtsc 0x00000002 jg 00007F20E4DE65CBh 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F20E4DE65C3h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F20E4DE65BAh 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110998E second address: 0000000001109994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109C66 second address: 0000000001109C79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4DE65BFh 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109C79 second address: 0000000001109C7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109DC2 second address: 0000000001109DDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4DE65C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109DDB second address: 0000000001109E5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F20E47CC1D6h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f je 00007F20E47CC1D6h 0x00000015 jmp 00007F20E47CC1E9h 0x0000001a jns 00007F20E47CC1D6h 0x00000020 jne 00007F20E47CC1D6h 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 push eax 0x0000002a push edx 0x0000002b je 00007F20E47CC1F3h 0x00000031 jnc 00007F20E47CC1D6h 0x00000037 jmp 00007F20E47CC1E7h 0x0000003c jo 00007F20E47CC1F1h 0x00000042 jmp 00007F20E47CC1E9h 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109E5E second address: 0000000001109E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109E63 second address: 0000000001109E72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F20E47CC1D6h 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109E72 second address: 0000000001109E81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4DE65BBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001109FC7 second address: 0000000001109FCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A100 second address: 000000000110A12E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F20E4DE65CEh 0x0000000a jmp 00007F20E4DE65C8h 0x0000000f jo 00007F20E4DE65F4h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 pop eax 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A12E second address: 000000000110A13E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F20E47CC1D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A13E second address: 000000000110A15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4DE65C8h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A15A second address: 000000000110A160 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A2C9 second address: 000000000110A2F2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F20E4DE65CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F20E4DE65B6h 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A2F2 second address: 000000000110A32B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F20E47CC1E7h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f jmp 00007F20E47CC1E5h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001108D2D second address: 0000000001108D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F20E4DE65BCh 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A5F7 second address: 000000000110A5FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A73C second address: 000000000110A740 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110A740 second address: 000000000110A754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F20E47CC1D6h 0x0000000e jnl 00007F20E47CC1D6h 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110AA27 second address: 000000000110AA31 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F20E4DE65B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110AB85 second address: 000000000110ABB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E47CC1DCh 0x00000009 jmp 00007F20E47CC1E9h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110ABB0 second address: 000000000110ABE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push esi 0x00000007 pushad 0x00000008 jg 00007F20E4DE65B6h 0x0000000e jmp 00007F20E4DE65C9h 0x00000013 pushad 0x00000014 popad 0x00000015 jnc 00007F20E4DE65B6h 0x0000001b popad 0x0000001c pushad 0x0000001d jnc 00007F20E4DE65B6h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110AECC second address: 000000000110AEE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F20E47CC1E0h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110B085 second address: 000000000110B09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push edi 0x0000000a jbe 00007F20E4DE65B6h 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110B09D second address: 000000000110B0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E47CC1E6h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110B0B7 second address: 000000000110B0C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F20E4DE65B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110B39D second address: 000000000110B3A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110B3A2 second address: 000000000110B3D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F20E4DE65C4h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push edi 0x00000010 jmp 00007F20E4DE65C4h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110B57A second address: 000000000110B57F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000110BCF2 second address: 000000000110BD09 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F20E4DE65B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F20E4DE65BDh 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111F56 second address: 0000000001111F5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111F5A second address: 0000000001111F66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111F66 second address: 0000000001111F84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F20E47CC1DEh 0x0000000e jp 00007F20E47CC1DCh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011112FB second address: 000000000111131B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4DE65C4h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111131B second address: 0000000001111323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111323 second address: 0000000001111328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111328 second address: 000000000111132D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111132D second address: 0000000001111361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4DE65BCh 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b ja 00007F20E4DE65B6h 0x00000011 popad 0x00000012 push ebx 0x00000013 jp 00007F20E4DE65B6h 0x00000019 jns 00007F20E4DE65B6h 0x0000001f pop ebx 0x00000020 pop edx 0x00000021 pop eax 0x00000022 push ecx 0x00000023 jo 00007F20E4DE65BEh 0x00000029 pushad 0x0000002a popad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011114AF second address: 00000000011114BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111AAC second address: 0000000001111AB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111AB0 second address: 0000000001111AD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1DCh 0x00000007 jmp 00007F20E47CC1DDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111AD1 second address: 0000000001111AD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111C27 second address: 0000000001111C4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jng 00007F20E47CC1D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jp 00007F20E47CC1EEh 0x00000012 jmp 00007F20E47CC1E2h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001111C4D second address: 0000000001111C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011125EB second address: 000000000111264A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 jng 00007F20E47CC1E3h 0x0000000d jmp 00007F20E47CC1DDh 0x00000012 pop esi 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jng 00007F20E47CC1DEh 0x0000001d jo 00007F20E47CC1D8h 0x00000023 pushad 0x00000024 popad 0x00000025 mov eax, dword ptr [eax] 0x00000027 pushad 0x00000028 push esi 0x00000029 pushad 0x0000002a popad 0x0000002b pop esi 0x0000002c pushad 0x0000002d push esi 0x0000002e pop esi 0x0000002f push ebx 0x00000030 pop ebx 0x00000031 popad 0x00000032 popad 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 jmp 00007F20E47CC1DFh 0x0000003c pop eax 0x0000003d mov dword ptr [ebp+1D9A1AFDh], edi 0x00000043 push EC3FDB0Dh 0x00000048 push edi 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111264A second address: 000000000111264E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011129FC second address: 0000000001112A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001112D8D second address: 0000000001112D93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001112D93 second address: 0000000001112D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001112D97 second address: 0000000001112D9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001112ED9 second address: 0000000001112EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001112EDD second address: 0000000001112EF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4DE65BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011133CC second address: 00000000011133E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011135A6 second address: 00000000011135AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011137F8 second address: 00000000011137FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011137FD second address: 0000000001113825 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20E4DE65C5h 0x00000008 jc 00007F20E4DE65B6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001113825 second address: 000000000111382F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F20E47CC1D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001113882 second address: 00000000011138C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007F20E4DE65CFh 0x0000000d jg 00007F20E4DE65C9h 0x00000013 nop 0x00000014 mov edi, 0AD42FBAh 0x00000019 push edi 0x0000001a mov esi, dword ptr [ebp+1D9A361Dh] 0x00000020 pop edi 0x00000021 push eax 0x00000022 jbe 00007F20E4DE65BEh 0x00000028 push edi 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001113D5C second address: 0000000001113DC9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F20E47CC1D8h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 mov dword ptr [ebp+1D9A2FF9h], ecx 0x0000002b push 00000000h 0x0000002d mov dword ptr [ebp+1D9A3021h], ebx 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F20E47CC1D8h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 00000019h 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f mov edi, dword ptr [ebp+1D9A3825h] 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 ja 00007F20E47CC1DCh 0x0000005e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001113DC9 second address: 0000000001113DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001114664 second address: 000000000111466A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111466A second address: 000000000111466E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011155CE second address: 00000000011155D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011155D2 second address: 0000000001115631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F20E4DE65B8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007F20E4DE65B8h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 0000001Dh 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e push 00000000h 0x00000040 and di, C161h 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001115631 second address: 0000000001115636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001115636 second address: 0000000001115641 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F20E4DE65B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111600B second address: 0000000001116088 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007F20E47CC1DEh 0x0000000d jg 00007F20E47CC1D8h 0x00000013 nop 0x00000014 jmp 00007F20E47CC1E3h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007F20E47CC1D8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edx 0x0000003a call 00007F20E47CC1D8h 0x0000003f pop edx 0x00000040 mov dword ptr [esp+04h], edx 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc edx 0x0000004d push edx 0x0000004e ret 0x0000004f pop edx 0x00000050 ret 0x00000051 push eax 0x00000052 jl 00007F20E47CC1E0h 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001116BBF second address: 0000000001116BC9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20E4DE65B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001117570 second address: 0000000001117582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F20E47CC1D6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001117582 second address: 0000000001117586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001117586 second address: 00000000011175FA instructions: 0x00000000 rdtsc 0x00000002 je 00007F20E47CC1D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jl 00007F20E47CC1D6h 0x00000011 pop eax 0x00000012 popad 0x00000013 nop 0x00000014 sub dword ptr [ebp+1D9A20ABh], esi 0x0000001a add dword ptr [ebp+1D9A2F42h], edx 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F20E47CC1D8h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c mov di, C1E3h 0x00000040 movsx esi, cx 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007F20E47CC1D8h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000015h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov si, 3DC5h 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 je 00007F20E47CC1D6h 0x0000006d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001118191 second address: 0000000001118195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001118195 second address: 0000000001118199 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001118199 second address: 00000000011181EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a add dword ptr [ebp+1D9A188Fh], edi 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F20E4DE65B8h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c movsx esi, bx 0x0000002f xor dword ptr [ebp+1DA90974h], ebx 0x00000035 or edi, 4D0D2E37h 0x0000003b push 00000000h 0x0000003d mov esi, edi 0x0000003f mov si, di 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 jc 00007F20E4DE65B8h 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011181EC second address: 00000000011181F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F20E47CC1D6h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011181F6 second address: 00000000011181FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001118D33 second address: 0000000001118DAF instructions: 0x00000000 rdtsc 0x00000002 je 00007F20E47CC1DCh 0x00000008 jg 00007F20E47CC1D6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007F20E47CC1DEh 0x00000016 nop 0x00000017 push edx 0x00000018 mov dword ptr [ebp+1DAB4AF8h], eax 0x0000001e pop edi 0x0000001f push 00000000h 0x00000021 jmp 00007F20E47CC1DDh 0x00000026 push 00000000h 0x00000028 xor edi, 37E717B8h 0x0000002e call 00007F20E47CC1E1h 0x00000033 mov edi, eax 0x00000035 pop edi 0x00000036 xchg eax, ebx 0x00000037 js 00007F20E47CC1DCh 0x0000003d pushad 0x0000003e push edi 0x0000003f pop edi 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 push eax 0x00000044 push esi 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F20E47CC1E8h 0x0000004c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111BD21 second address: 000000000111BD2E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20E4DE65B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111CD5F second address: 000000000111CDE2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jmp 00007F20E47CC1DFh 0x00000010 mov dword ptr [ebp+1D9A3531h], edi 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F20E47CC1D8h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000015h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 or dword ptr [ebp+1DAC4569h], edi 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007F20E47CC1D8h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 mov dword ptr [ebp+1D9A2593h], edi 0x0000005a mov bh, 10h 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007F20E47CC1E1h 0x00000064 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111CDE2 second address: 000000000111CDFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4DE65C5h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111EEFB second address: 000000000111EF00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111EF00 second address: 000000000111EF76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20E4DE65C2h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov edi, dword ptr [ebp+1D9A3505h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F20E4DE65B8h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 mov dword ptr [ebp+1D9A25C8h], edx 0x00000036 mov bx, 2D8Dh 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ecx 0x0000003f call 00007F20E4DE65B8h 0x00000044 pop ecx 0x00000045 mov dword ptr [esp+04h], ecx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc ecx 0x00000052 push ecx 0x00000053 ret 0x00000054 pop ecx 0x00000055 ret 0x00000056 mov ebx, edi 0x00000058 mov ebx, dword ptr [ebp+1D9A25DAh] 0x0000005e push eax 0x0000005f pushad 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111EF76 second address: 000000000111EF7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011230BB second address: 00000000011230C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F20E4DE65B6h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001123164 second address: 0000000001123176 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1DEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011241A6 second address: 00000000011241AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011241AA second address: 000000000112422B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20E47CC1E5h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F20E47CC1D8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 jmp 00007F20E47CC1E4h 0x0000002e push 00000000h 0x00000030 mov ebx, dword ptr [ebp+1D9A26CDh] 0x00000036 push 00000000h 0x00000038 mov dword ptr [ebp+1D9A26A9h], eax 0x0000003e mov edi, dword ptr [ebp+1D9A1A62h] 0x00000044 xchg eax, esi 0x00000045 jmp 00007F20E47CC1E3h 0x0000004a push eax 0x0000004b pushad 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001127157 second address: 000000000112715B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000112715B second address: 0000000001127183 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20E47CC1E7h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007F20E47CC1D6h 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001127183 second address: 000000000112718C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000112823E second address: 0000000001128262 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F20E47CC1DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F20E47CC1DDh 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010BC4A3 second address: 00000000010BC4A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000112B941 second address: 000000000112B974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 jmp 00007F20E47CC1E1h 0x0000000e nop 0x0000000f mov di, ADA1h 0x00000013 push 00000000h 0x00000015 mov di, dx 0x00000018 push 00000000h 0x0000001a mov bh, cl 0x0000001c xchg eax, esi 0x0000001d push eax 0x0000001e push edx 0x0000001f js 00007F20E47CC1DCh 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000112B974 second address: 000000000112B978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000112B978 second address: 000000000112B995 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E47CC1DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007F20E47CC1DEh 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000112E078 second address: 000000000112E098 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007F20E4DE65B6h 0x0000000d jmp 00007F20E4DE65BBh 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000113162C second address: 0000000001131632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001131632 second address: 0000000001131637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001137BB6 second address: 0000000001137BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F20E4E5D346h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001137BC5 second address: 0000000001137BF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007F20E4B5093Fh 0x0000000e jne 00007F20E4B50936h 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F20E4B50942h 0x0000001e jbe 00007F20E4B50936h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001137BF5 second address: 0000000001137C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F20E4E5D34Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001137C01 second address: 0000000001137C07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010BFBB1 second address: 00000000010BFBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F20E4E5D351h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010BFBCD second address: 00000000010BFBD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010BFBD1 second address: 00000000010BFBD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001137516 second address: 000000000113751A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000113751A second address: 000000000113751E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011434CD second address: 00000000011434D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011434D6 second address: 00000000011434ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F20E4E5D346h 0x00000011 jne 00007F20E4E5D346h 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011434ED second address: 000000000114350F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F20E4B50944h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F20E4B50936h 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114350F second address: 0000000001143513 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001143513 second address: 0000000001143533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jng 00007F20E4B50936h 0x0000000f jg 00007F20E4B50936h 0x00000015 jc 00007F20E4B50936h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001143533 second address: 0000000001143537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001143537 second address: 000000000114353B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001142A4A second address: 0000000001142A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F20E4E5D351h 0x0000000a jmp 00007F20E4E5D34Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001142A73 second address: 0000000001142A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001142CF7 second address: 0000000001142D04 instructions: 0x00000000 rdtsc 0x00000002 js 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001142E34 second address: 0000000001142E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011430E1 second address: 00000000011430E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011430E5 second address: 00000000011430E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011430E9 second address: 0000000001143103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F20E4E5D352h 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001143103 second address: 0000000001143115 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F20E4B50936h 0x00000009 pushad 0x0000000a popad 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001149158 second address: 0000000001149170 instructions: 0x00000000 rdtsc 0x00000002 js 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F20E4E5D346h 0x00000012 jc 00007F20E4E5D346h 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001149170 second address: 0000000001149174 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001147F26 second address: 0000000001147F2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001147F2A second address: 0000000001147F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001147F32 second address: 0000000001147F6D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F20E4E5D34Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F20E4E5D34Eh 0x00000011 jc 00007F20E4E5D35Bh 0x00000017 jmp 00007F20E4E5D34Fh 0x0000001c ja 00007F20E4E5D346h 0x00000022 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A070 second address: 000000000111A074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A074 second address: 000000000111A07A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A33F second address: 000000000111A343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A343 second address: 000000000111A34C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A4D9 second address: 000000000111A500 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F20E4B5094Bh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A500 second address: 000000000111A506 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A506 second address: 000000000111A541 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F20E4B50938h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push ecx 0x0000000f pushad 0x00000010 js 00007F20E4B50936h 0x00000016 jmp 00007F20E4B5093Eh 0x0000001b popad 0x0000001c pop ecx 0x0000001d pop eax 0x0000001e movsx edx, cx 0x00000021 mov edx, 7CEE3D61h 0x00000026 push 452DBB47h 0x0000002b push eax 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f pop eax 0x00000030 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A662 second address: 000000000111A680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], esi 0x00000009 pushad 0x0000000a jmp 00007F20E4E5D34Eh 0x0000000f popad 0x00000010 nop 0x00000011 push esi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A680 second address: 000000000111A68D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A68D second address: 000000000111A6B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D34Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F20E4E5D351h 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A760 second address: 000000000111A77D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F20E4B50940h 0x00000008 jmp 00007F20E4B5093Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A77D second address: 000000000111A781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A781 second address: 000000000111A797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push edx 0x0000000b jnl 00007F20E4B50936h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A797 second address: 000000000111A79B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111A870 second address: 000000000111A881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jp 00007F20E4B50944h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148207 second address: 0000000001148218 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 pushad 0x00000009 jbe 00007F20E4E5D346h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114835A second address: 0000000001148360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148360 second address: 0000000001148364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148364 second address: 000000000114836D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114836D second address: 0000000001148379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148379 second address: 000000000114839A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F20E4B5093Dh 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114839A second address: 00000000011483A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F20E4E5D346h 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148840 second address: 000000000114884E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F20E4B50936h 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114884E second address: 0000000001148854 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011489C1 second address: 00000000011489C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011489C5 second address: 00000000011489D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011489D3 second address: 0000000001148A01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50940h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F20E4B50946h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148B4B second address: 0000000001148B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 ja 00007F20E4E5D34Eh 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148CC3 second address: 0000000001148CCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148CCA second address: 0000000001148CD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148CD0 second address: 0000000001148CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001148CD4 second address: 0000000001148D00 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F20E4E5D356h 0x0000001b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114AD22 second address: 000000000114AD28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000114AD28 second address: 000000000114AD2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001076098 second address: 00000000010760B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B5093Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jno 00007F20E4B50936h 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115109B second address: 00000000011510D8 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F20E4E5D346h 0x00000008 jp 00007F20E4E5D346h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F20E4E5D352h 0x00000015 jbe 00007F20E4E5D34Ch 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e jng 00007F20E4E5D34Ch 0x00000024 jne 00007F20E4E5D346h 0x0000002a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011510D8 second address: 00000000011510DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011510DE second address: 00000000011510E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151225 second address: 000000000115123C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B5093Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115123C second address: 0000000001151242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151242 second address: 0000000001151246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151646 second address: 0000000001151665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D359h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001150CCC second address: 0000000001150CD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151A9D second address: 0000000001151AB8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F20E4E5D346h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F20E4E5D34Ch 0x00000015 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151BFB second address: 0000000001151C24 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push edi 0x0000000e pop edi 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F20E4B50945h 0x00000017 push esi 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151C24 second address: 0000000001151C28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151C28 second address: 0000000001151C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4B50943h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151C45 second address: 0000000001151C4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001151D93 second address: 0000000001151D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001157E21 second address: 0000000001157E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001157F7F second address: 0000000001157F91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F20E4B50936h 0x0000000a je 00007F20E4B50936h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001157F91 second address: 0000000001157F99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001158547 second address: 000000000115854B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115883A second address: 0000000001158850 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D34Ch 0x00000007 js 00007F20E4E5D34Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001158B1D second address: 0000000001158B33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F20E4B5093Ch 0x0000000c ja 00007F20E4B50936h 0x00000012 pushad 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001158B33 second address: 0000000001158B54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jne 00007F20E4E5D348h 0x0000000b jmp 00007F20E4E5D351h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001158DFF second address: 0000000001158E21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F20E4B50947h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001158E21 second address: 0000000001158E25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011591EC second address: 00000000011591F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115D186 second address: 000000000115D1A4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007F20E4E5D346h 0x00000009 ja 00007F20E4E5D346h 0x0000000f pop ebx 0x00000010 jc 00007F20E4E5D348h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115D1A4 second address: 000000000115D1B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F20E4B50936h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115D1B2 second address: 000000000115D1CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D34Ah 0x00000009 pop esi 0x0000000a jg 00007F20E4E5D348h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000115D1CD second address: 000000000115D1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F20E4B50936h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001167465 second address: 0000000001167469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001167469 second address: 0000000001167475 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F20E4B50936h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001166D23 second address: 0000000001166D3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D355h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001166D3C second address: 0000000001166D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20E4B50944h 0x0000000b pushad 0x0000000c jg 00007F20E4B50936h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001166EB8 second address: 0000000001166EBE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001166EBE second address: 0000000001166EC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F20E4B50936h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001174408 second address: 0000000001174417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jg 00007F20E4E5D346h 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001174417 second address: 000000000117442C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F20E4B5093Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117442C second address: 000000000117444B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F20E4E5D348h 0x00000008 pushad 0x00000009 jmp 00007F20E4E5D34Ch 0x0000000e jns 00007F20E4E5D346h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001173A06 second address: 0000000001173A19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B5093Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001173D36 second address: 0000000001173D3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001173D3E second address: 0000000001173D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F20E4B50938h 0x0000000b push eax 0x0000000c pop eax 0x0000000d je 00007F20E4B5094Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001179B75 second address: 0000000001179B9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D357h 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F20E4E5D34Dh 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001179B9F second address: 0000000001179BA5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111AB89 second address: 000000000111AB9F instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f jp 00007F20E4E5D346h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111AB9F second address: 000000000111ABA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111AC4F second address: 000000000111AC53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000111AC53 second address: 000000000111AC59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E26E second address: 000000000117E276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3AC second address: 000000000117E3B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3B0 second address: 000000000117E3C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D34Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3C3 second address: 000000000117E3CD instructions: 0x00000000 rdtsc 0x00000002 je 00007F20E4B5093Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3CD second address: 000000000117E3D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3D9 second address: 000000000117E3DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3DD second address: 000000000117E3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F20E4E5D346h 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000117E3EE second address: 000000000117E3FA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011878F5 second address: 0000000001187921 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F20E4E5D358h 0x0000000a pop esi 0x0000000b jc 00007F20E4E5D352h 0x00000011 jl 00007F20E4E5D346h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001185C36 second address: 0000000001185C3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000118688E second address: 00000000011868B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F20E4E5D346h 0x00000012 jmp 00007F20E4E5D359h 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011873A2 second address: 00000000011873BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F20E4B50943h 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000118761C second address: 0000000001187630 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001187630 second address: 0000000001187634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191C95 second address: 0000000001191CB5 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F20E4E5D346h 0x00000012 jmp 00007F20E4E5D34Eh 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191CB5 second address: 0000000001191CB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191E0E second address: 0000000001191E18 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F20E4E5D352h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191E18 second address: 0000000001191E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191E1E second address: 0000000001191E42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D34Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F20E4E5D34Dh 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191E42 second address: 0000000001191E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191E46 second address: 0000000001191E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D351h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001191E5D second address: 0000000001191E62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011924A4 second address: 00000000011924C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D359h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011924C1 second address: 00000000011924D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 jns 00007F20E4B5095Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F20E4B50936h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011924D8 second address: 00000000011924DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011924DC second address: 00000000011924E6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F20E4B50936h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001192634 second address: 000000000119263A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119263A second address: 000000000119265F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50947h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jnl 00007F20E4B50936h 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119265F second address: 0000000001192675 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D352h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011927F8 second address: 0000000001192822 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jmp 00007F20E4B5093Ah 0x0000000c jl 00007F20E4B50938h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 push eax 0x00000019 pop eax 0x0000001a pop ebx 0x0000001b jmp 00007F20E4B5093Ah 0x00000020 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001192822 second address: 0000000001192829 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119E4E2 second address: 000000000119E4E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119E4E8 second address: 000000000119E507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007F20E4E5D356h 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119E507 second address: 000000000119E541 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50947h 0x00000007 jmp 00007F20E4B50949h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119D235 second address: 000000000119D24F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4E5D356h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119D24F second address: 000000000119D259 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F20E4B50936h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119DC68 second address: 000000000119DC82 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F20E4E5D346h 0x00000008 jns 00007F20E4E5D346h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 jbe 00007F20E4E5D346h 0x0000001a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119DC82 second address: 000000000119DC86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119E386 second address: 000000000119E39E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4E5D354h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000119E39E second address: 000000000119E3A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B15D4 second address: 00000000011B15E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F20E4E5D346h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B15E5 second address: 00000000011B15EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B843D second address: 00000000011B845F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D34Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F20E4E5D34Dh 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B845F second address: 00000000011B8481 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4B50948h 0x00000009 jl 00007F20E4B50936h 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7124 second address: 00000000011B7135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D34Dh 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7135 second address: 00000000011B7147 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B5093Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7147 second address: 00000000011B714B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B714B second address: 00000000011B7170 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F20E4B50936h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F20E4B50948h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7170 second address: 00000000011B7176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B72ED second address: 00000000011B7303 instructions: 0x00000000 rdtsc 0x00000002 je 00007F20E4B5093Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7303 second address: 00000000011B7307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7713 second address: 00000000011B7717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011B7717 second address: 00000000011B7730 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D355h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BC37B second address: 00000000011BC381 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBC39 second address: 00000000011BBC4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D350h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBC4F second address: 00000000011BBC73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F20E4B5094Fh 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBDE9 second address: 00000000011BBDFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D34Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBDFC second address: 00000000011BBE15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50944h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBFE2 second address: 00000000011BBFE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBFE6 second address: 00000000011BBFF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BBFF2 second address: 00000000011BC00A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4E5D354h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BC00A second address: 00000000011BC00E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011BC00E second address: 00000000011BC017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120428E second address: 00000000012042B3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F20E4B5093Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F20E4B5093Eh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jnc 00007F20E4B50936h 0x00000019 push ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120453A second address: 000000000120454F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F20E4E5D34Bh 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120454F second address: 0000000001204554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001204554 second address: 000000000120455B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001205414 second address: 000000000120541D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120541D second address: 0000000001205422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001205422 second address: 0000000001205427 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001205427 second address: 000000000120544E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 jns 00007F20E4E5D346h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007F20E4E5D346h 0x0000001a jmp 00007F20E4E5D34Dh 0x0000001f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011C1C47 second address: 00000000011C1C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011C1C4F second address: 00000000011C1C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011C1C58 second address: 00000000011C1C62 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F20E4B5093Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011C1C62 second address: 00000000011C1C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001205BC7 second address: 0000000001205BDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B5093Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120B905 second address: 000000000120B911 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20E4E5D346h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120B911 second address: 000000000120B924 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F20E4B5093Eh 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001239924 second address: 000000000123992A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000123992A second address: 000000000123992F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000123992F second address: 0000000001239934 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001239A7C second address: 0000000001239A80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001239A80 second address: 0000000001239A8E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jp 00007F20E4E5D346h 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001239BB2 second address: 0000000001239BD8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20E4B5093Ch 0x00000008 pushad 0x00000009 jmp 00007F20E4B50945h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000123A027 second address: 000000000123A047 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F20E4E5D34Ah 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 jp 00007F20E4E5D346h 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000123B0CB second address: 000000000123B0E3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20E4B50942h 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000123B0E3 second address: 000000000123B0ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F20E4E5D346h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001243042 second address: 000000000124304B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000124304B second address: 000000000124305A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F20E4E5D346h 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000124305A second address: 0000000001243064 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001243064 second address: 000000000124306A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000124306A second address: 000000000124307F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push ecx 0x0000000b jns 00007F20E4B50936h 0x00000011 pop ecx 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000124307F second address: 000000000124308A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000124308A second address: 000000000124308E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001247CBD second address: 0000000001247CD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D357h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001247CD8 second address: 0000000001247CDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000124AA44 second address: 000000000124AA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126D7AC second address: 000000000126D7BE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jnl 00007F20E4B50944h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126D7BE second address: 000000000126D7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126D7C2 second address: 000000000126D7F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b push ecx 0x0000000c jmp 00007F20E4B5093Ah 0x00000011 pop ecx 0x00000012 jmp 00007F20E4B50942h 0x00000017 popad 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126D7F6 second address: 000000000126D80F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20E4E5D354h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126EC48 second address: 000000000126EC61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F20E4B50936h 0x0000000a jnc 00007F20E4B50938h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126EC61 second address: 000000000126EC65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126EC65 second address: 000000000126EC73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000126FF45 second address: 000000000126FF4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001286B38 second address: 0000000001286B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4B50940h 0x00000009 jmp 00007F20E4B50940h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jno 00007F20E4B50936h 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001289748 second address: 000000000128974D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001292038 second address: 0000000001292045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F20E4B5093Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012915E1 second address: 00000000012915E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291A3D second address: 0000000001291A46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291B68 second address: 0000000001291B73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291B73 second address: 0000000001291B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F20E4B50936h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291B7D second address: 0000000001291B99 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F20E4E5D354h 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291B99 second address: 0000000001291BBC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F20E4B50936h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F20E4B50944h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120DDDF second address: 000000000120DDE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000120DDE7 second address: 000000000120DDEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291D1C second address: 0000000001291D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D34Fh 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c ja 00007F20E4E5D34Ch 0x00000012 jnl 00007F20E4E5D346h 0x00000018 push eax 0x00000019 push edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001291D42 second address: 0000000001291D74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B5093Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push edx 0x0000000d jmp 00007F20E4B50945h 0x00000012 jo 00007F20E4B5093Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129888D second address: 0000000001298892 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001298892 second address: 00000000012988A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F20E4B50936h 0x00000009 jnl 00007F20E4B50936h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299071 second address: 0000000001299077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299077 second address: 0000000001299080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299080 second address: 0000000001299086 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299233 second address: 0000000001299239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299239 second address: 000000000129924B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jp 00007F20E4E5D346h 0x0000000c jnl 00007F20E4E5D346h 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129924B second address: 000000000129924F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129924F second address: 000000000129925B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129925B second address: 000000000129925F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129965F second address: 0000000001299663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299663 second address: 0000000001299669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001299669 second address: 00000000012996BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D34Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F20E4E5D34Eh 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F20E4E5D358h 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d jns 00007F20E4E5D346h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jne 00007F20E4E5D346h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012996BC second address: 00000000012996C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012996C0 second address: 00000000012996C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012996C4 second address: 00000000012996D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F20E4B50936h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129D9B2 second address: 000000000129D9B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129D9B6 second address: 000000000129D9BF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129D9BF second address: 000000000129D9C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129D9C5 second address: 000000000129D9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F20E4B50936h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129D9D0 second address: 000000000129D9D5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129DC68 second address: 000000000129DC6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129DC6E second address: 000000000129DC8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007F20E4E5D34Ah 0x0000000c jg 00007F20E4E5D348h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129DC8D second address: 000000000129DC97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129DC97 second address: 000000000129DC9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129E200 second address: 000000000129E207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129E207 second address: 000000000129E211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000129E64F second address: 000000000129E665 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F20E4B5093Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012A4316 second address: 00000000012A431A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012A431A second address: 00000000012A4339 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F20E4B50949h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012A9264 second address: 00000000012A926B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012A926B second address: 00000000012A927A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012A927A second address: 00000000012A927E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000012A927E second address: 00000000012A9284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000102CDD9 second address: 000000000102CDDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001311478 second address: 000000000131147C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000131147C second address: 0000000001311480 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001311480 second address: 0000000001311486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001311486 second address: 00000000013114B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F20E4E5D354h 0x0000000e jp 00007F20E4E5D351h 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013114B4 second address: 00000000013114D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F20E4B50936h 0x0000000b jnl 00007F20E4B50936h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007F20E4B5093Bh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000131CDDE second address: 000000000131CDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20E4E5D350h 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000131CDF2 second address: 000000000131CE2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50943h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push edx 0x0000000b jng 00007F20E4B50955h 0x00000011 jmp 00007F20E4B50949h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000132C022 second address: 000000000132C028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000132C028 second address: 000000000132C02C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000132C02C second address: 000000000132C032 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000132C032 second address: 000000000132C040 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F20E4B50938h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000132C040 second address: 000000000132C044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000132C044 second address: 000000000132C048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001071075 second address: 0000000001071082 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007F20E4E5D346h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001071082 second address: 00000000010710B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F20E4B50946h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F20E4B50951h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F20E4B5093Dh 0x00000019 push eax 0x0000001a pop eax 0x0000001b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001335AD3 second address: 0000000001335AD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001335AD7 second address: 0000000001335ADD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001031E65 second address: 0000000001031E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001031E69 second address: 0000000001031E7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50941h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001031E7E second address: 0000000001031E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001031E84 second address: 0000000001031E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001031E88 second address: 0000000001031EA4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F20E4E5D346h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F20E4E5D34Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001344196 second address: 000000000134419A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000134419A second address: 00000000013441C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D355h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push edi 0x0000000b jne 00007F20E4E5D34Eh 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013441C6 second address: 00000000013441CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000136221D second address: 0000000001362221 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001362221 second address: 000000000136222D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000136222D second address: 0000000001362231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001362231 second address: 000000000136223C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push ebx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000106F54B second address: 000000000106F550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000136A4F0 second address: 000000000136A4F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000136A4F7 second address: 000000000136A540 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F20E4E5D358h 0x00000014 popad 0x00000015 jno 00007F20E4E5D35Eh 0x0000001b push ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001372E62 second address: 0000000001372E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007F20E4B5093Eh 0x0000000b jno 00007F20E4B50936h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F20E4B50942h 0x00000019 jns 00007F20E4B50936h 0x0000001f jnl 00007F20E4B50936h 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F20E4B5093Ch 0x0000002d rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373140 second address: 0000000001373162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F20E4E5D359h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373162 second address: 0000000001373166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373166 second address: 0000000001373178 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F20E4E5D346h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F20E4E5D346h 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373178 second address: 000000000137317C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373310 second address: 0000000001373329 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F20E4E5D34Ch 0x0000000d jnc 00007F20E4E5D346h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373329 second address: 000000000137332D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000137389F second address: 00000000013738C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F20E4E5D353h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F20E4E5D34Eh 0x00000012 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013738C8 second address: 00000000013738CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013738CC second address: 00000000013738F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnc 00007F20E4E5D35Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013738F5 second address: 00000000013738FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F20E4B50936h 0x0000000a rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001373A55 second address: 0000000001373A5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013777F3 second address: 0000000001377806 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4B5093Fh 0x00000009 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001377806 second address: 000000000137780C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000137D627 second address: 000000000137D62B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000137D62B second address: 000000000137D648 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F20E4E5D353h 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000137D648 second address: 000000000137D662 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4B50943h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001391E03 second address: 0000000001391E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F20E4E5D346h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001391E13 second address: 0000000001391E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001391FBC second address: 0000000001391FC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000139252E second address: 0000000001392533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001392533 second address: 0000000001392539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001392539 second address: 000000000139253D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013926A1 second address: 00000000013926AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F20E4E5D346h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000013928E4 second address: 0000000001392931 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20E4B50942h 0x00000008 jmp 00007F20E4B50946h 0x0000000d js 00007F20E4B50936h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 jc 00007F20E4B50975h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 jmp 00007F20E4B5093Fh 0x00000025 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001392931 second address: 0000000001392952 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D358h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001392AA6 second address: 0000000001392AAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000139749F second address: 00000000013974A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010213AD second address: 00000000010213B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010213B1 second address: 00000000010213DE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F20E4E5D346h 0x00000008 jno 00007F20E4E5D346h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F20E4E5D359h 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000010213DE second address: 0000000001021402 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F20E4B50936h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F20E4B50945h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001021402 second address: 000000000102140E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000102140E second address: 0000000001021414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001021414 second address: 0000000001021436 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D358h 0x00000007 je 00007F20E4E5D346h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011AA696 second address: 00000000011AA69A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011AA69A second address: 00000000011AA69E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011AA69E second address: 00000000011AA6A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 00000000011AA6A6 second address: 00000000011AA6CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20E4E5D357h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jo 00007F20E4E5D346h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 000000000140344E second address: 0000000001403476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 jo 00007F20E4B50936h 0x0000000d jmp 00007F20E4B50944h 0x00000012 jc 00007F20E4B50936h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Windows\System32\loaddll32.exe	RDTSC instruction interceptor: First address: 0000000001403476 second address: 0000000001403488 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20E4E5D34Eh 0x00000009 rdtsc

Source: C:\Windows\SysWOW64\rundll32.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Windows\SysWOW64\rundll32.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Windows\System32\loaddll32.exe

File opened: PhysicalDrive0

Source: rundll32.exe	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: rundll32.exe, 00000002.00000002.245875545.0000000004C90000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.259607750.0000000004DD0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: rundll32.exe, 00000003.00000002.609898527.0000000002DB0000.00000004.00000020.sdmp	Binary or memory string: Y\MACHINE\HARDWARE\ACPI\DSDT\VBOX__9-4053062332-1002\Software\WineblyStorageRootse\MicrosoftOleFeatureDevelopmentProperties
Source: rundll32.exe, 00000002.00000002.245875545.0000000004C90000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.259607750.0000000004DD0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: rundll32.exe, 00000002.00000002.245875545.0000000004C90000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.259607750.0000000004DD0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: rundll32.exe, 00000003.00000002.609898527.0000000002DB0000.00000004.00000020.sdmp	Binary or memory string: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__9-4053062332-1002\Software\WineblyStorageRootse\MicrosoftOleFeatureDevelopmentProperties
Source: rundll32.exe, 00000003.00000002.610715928.0000000004C4E000.00000040.00020000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: rundll32.exe, 00000002.00000002.245875545.0000000004C90000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.259607750.0000000004DD0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Windows\System32\loaddll32.exe

System information queried: ModuleInformation

Source: C:\Windows\System32\loaddll32.exe

Process information queried: ProcessInformation

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Windows\System32\loaddll32.exe	Thread information set: HideFromDebugger
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger
Source: C:\Windows\SysWOW64\rundll32.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: regmonclass
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: gbdyllo
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: procmon_window_class
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: ollydbg
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: filemonclass
Source: C:\Windows\SysWOW64\rundll32.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Windows\SysWOW64\rundll32.exe	File opened: NTICE
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: SICE
Source: C:\Windows\SysWOW64\rundll32.exe	File opened: SIWVID

Source: C:\Windows\System32\loaddll32.exe	Process queried: DebugPort
Source: C:\Windows\System32\loaddll32.exe	Process queried: DebugPort
Source: C:\Windows\System32\loaddll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort
Source: C:\Windows\SysWOW64\rundll32.exe	Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion:

Source: rundll32.exe, 00000003.00000002.610226431.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: rundll32.exe, 00000003.00000002.610226431.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: rundll32.exe, 00000003.00000002.610226431.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: rundll32.exe, 00000003.00000002.610226431.0000000003600000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Source: C:\Windows\System32\loaddll32.exe	Queries volume information: C:\ProgramData\yysrkymy.zki VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\ProgramData\yysrkymy.zki VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\ProgramData\yysrkymy.zki VolumeInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection2	Virtualization/Sandbox Evasion24	OS Credential Dumping	Security Software Discovery441	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rundll321	LSASS Memory	Virtualization/Sandbox Evasion24	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Software Packing3	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection2	NTDS	System Information Discovery122	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information1	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
fnp_my.dll	34%	Virustotal		Browse
fnp_my.dll	45%	ReversingLabs	Win32.Trojan.Generic
fnp_my.dll	100%	Avira	TR/Crypt.TPM.Gen
fnp_my.dll	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.1.loaddll32.exe.ea0000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
3.2.rundll32.exe.4a10000.1.unpack	100%	Avira	TR/Crypt.TPM.Gen	Download File
0.1.loaddll32.exe.ea0000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
3.1.rundll32.exe.4a10000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
0.1.loaddll32.exe.ea0000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
2.1.rundll32.exe.4c90000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
4.1.rundll32.exe.4dd0000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
4.1.rundll32.exe.4dd0000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
0.1.loaddll32.exe.ea0000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
2.1.rundll32.exe.4c90000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File
3.1.rundll32.exe.4a10000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen2	Download File

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	345244
Start date:	27.01.2021
Start time:	21:40:13
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 43s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	fnp_my.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.evad.winDLL@7/2@0/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 60% (good quality ratio 40%) Quality average: 66.7% Quality standard deviation: 47.1%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe Execution Graph export aborted for target rundll32.exe, PID 6924 because there are no executed function

Simulations

Behavior and APIs

Time	Type	Description
21:41:15	API Interceptor	1x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\ProgramData\mntemp Download File
Process:	C:\Windows\System32\loaddll32.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:	3:V6Z8/5e5:V6Z8xe5
MD5:	57AE9F6FE8C726D74E5C00A47AE7F4F9
SHA1:	9888E86DB368FC7A8FCFF4D87F39EDE6144965B6
SHA-256:	D751C19D3C832BB006ED0D3BFB9833715B0DA9523D4661E830B81674A79322A4
SHA-512:	E030417D8B58CADD979390AA7ACD484EFF19A0A67825DCB9E69542556E9BE51F3A1DAF8987CB7F2891F89F7BB51911C056CFEDBB05376887ED576D9E179600DC
Malicious:	false
Reputation:	low
Preview:	.P...{:qZ.:..u.

C:\ProgramData\yysrkymy.zki Download File
Process:	C:\Windows\System32\loaddll32.exe
File Type:	data
Category:	dropped
Size (bytes):	5107
Entropy (8bit):	7.019361392364344
Encrypted:	false
SSDEEP:	96:61fsqP9p6/PzlTWqcXwpy8JkPR+4rfQPEI9DWkz9+irfa+cZ8CdGDncL:gfT9pYpUwpt+0EuRrCdTdG7i
MD5:	6F668C190D44BE0D06FCB36F647BC5C1
SHA1:	ED70C2CB35FBE77C0864348A8E24127490F4C861
SHA-256:	3ED8A75FB650DE94D49F26B46CEE76BC2ECBF5ACFDA4EA655854E4FEEA272FE5
SHA-512:	6E9A4414666F3C9C16B17C56AC85B2DCDFDCCAD48EDE2409CFCFCCE1F5FA7EA434CBE2A004847462EEC2AE20FDF4DFAA29836C899240C00CB36374BF7FB98985
Malicious:	false
Reputation:	low
Preview:	m.B.S.(j..L...L...........L.m.B.................................................................................................................................................................Q.B........$.4$.4$...:.!.....M.......).[R_..$......G....c...[.....:.c...h`t.^..$.*.......,$.'...TZ............h!.6..,$...._..w..I....\........[..$.......,$............4$.......,$T.,$......Q......................Y......U.t$.]..$\U..${.Th..$Sh..}[1\$...$......YW.2...E../..m.....M.............$\.a....t$..6.....].l...h.$<6..$h.49J..$..?_..../......Q.....^.........$....\.;.......,$..?.h)l$..J......?.hS.....R."..O)..4$.N...............4$S.4$......$....U.4$h.\|p^.2...].4$..$U..............,$\R.c...Z...V.....).^...........^1._.%...U.....................].....$.....P.4$..$=.........,$....$$..$.[R.......Z......3.$1.$3.$\h.-....$......4$..$R..$...y.......$...........Y.m.....$R..$..o_..$......4$.....(.Y..[..........,$\.%........$....\C.7...........)L$.Q..u.k.l$....~.l$..\|./)L$..D$..\|./.D$..

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.928840734574505
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.40% Win16/32 Executable Delphi generic (2074/23) 0.21% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	fnp_my.dll
File size:	5310464
MD5:	9e7f0e102da06fea22b2f42c7023f4d0
SHA1:	18bf04d09683aa5c664e0ccf52ac205a974ed9cd
SHA256:	8126a938b442f7fb4d8a405efb6db33890c1b34f8a886bbf764bb618eafe392d
SHA512:	886e876c7f4e8fc301ea67a9cf1c586f28e4f49034e5184e460fe5705bcf0236fed35e5b9192ca66e9e3878aa818bdad0912b251086bfe8096c849347d7a402d
SSDEEP:	98304:OOtTQA8r4xSDJupAk0kcXvJQvkVtcNTOp/6syMB3WB4vCMG0AfyiJwQC:OCDSeZmjqvy1/6tMF5Zb5
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0xfc4000
Entrypoint Section:	pdnzzolr
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x590341E6 [Fri Apr 28 13:21:42 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	baa93d47220682c04d92f7797d9224ce

Entrypoint Preview

Instruction
push esi
push eax
push ebx
call 00007F20E4F7D636h
int3
pop eax
mov ebx, eax
inc eax
sub eax, 004A8000h
sub eax, 06BF6C28h
add eax, 06BF6C1Fh
cmp byte ptr [ebx], FFFFFFCCh
jne 00007F20E4F7D64Bh
mov byte ptr [ebx], 00000000h
mov ebx, 00001000h
push 192D467Fh
push 20C281D5h
push ebx
push eax
call 00007F20E4F7D63Fh
add eax, 00000000h
mov dword ptr [esp+08h], eax
pop ebx
pop eax
ret
push ebp
mov ebp, esp
push eax
push ebx
push ecx
push esi
mov esi, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
shr ecx, 02h
mov eax, dword ptr [ebp+10h]
mov ebx, dword ptr [ebp+14h]
test ecx, ecx
je 00007F20E4F7D63Ch
xor dword ptr [esi], eax
add dword ptr [esi], ebx
add esi, 04h
dec ecx
jmp 00007F20E4F7D624h
pop esi
pop ecx
pop ebx
pop eax
leave
retn 0010h
fidiv word ptr [edi+edx*2+6Ah]
cmc
adc eax, 7114A3A2h
xchg eax, ebx
pop esp
mov cl, ah
inc ebx
add byte ptr [edi], ch
add eax, 7DDA218Fh
dec ebx
push ebp
jmp 00007F20E4F7D5D0h
xchg eax, edx
pop es
add ebp, dword ptr [eax+edi*4]
adc eax, 676B1FEFh
sbb al, byte ptr [ebp+12h]
cmp al, byte ptr [edi+6B5A17ACh]
jc 00007F20E4F7D69Ah
inc dword ptr [ebx+46h]
sub bl, byte ptr [esi-7Fh]
out dx, al
retn FF92h
xchg byte ptr [eax-48h], ch
or eax, dword ptr [eax]
add byte ptr [ecx+12682434h], cl
pop ds
add byte ptr [eax], al
mov dword ptr [esp], eax
mov ebx, 678C1325h
mov eax, D1643A86h
sub eax, ebx
add ebx, 00000000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xbc354c	0x98	ipjhmkim
IMAGE_DIRECTORY_ENTRY_IMPORT	0x14406d	0x95	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x13f000	0x4200	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1441f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x122000	0x1ea
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x13e000	0x66200	False	0.998778400398	data	7.98647327711	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x13f000	0x4200	0x1800	False	0.833658854167	data	7.1537166158	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata	0x144000	0x1000	0x200	False	0.181640625	data	1.29348767602	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
	0x145000	0x5d7000	0x200	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
ipjhmkim	0x71c000	0x4a8000	0x4a7800	unknown	unknown	unknown	unknown	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
pdnzzolr	0xbc4000	0x1000	0x200	False	1.021484375	data	7.23203811633	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_STRING	0x13f490	0x70	data
RT_STRING	0x13f500	0x364	data
RT_STRING	0x13f864	0x398	data
RT_STRING	0x13fbfc	0x334	MPEG ADTS, layer II, v2, 80 kbps, 16 kHz, Monaural
RT_STRING	0x13ff30	0x478	data
RT_STRING	0x1403a8	0x350	data
RT_STRING	0x1406f8	0x3bc	data
RT_STRING	0x140ab4	0x5bc	empty
RT_STRING	0x141070	0x398	empty
RT_STRING	0x141408	0x448	empty
RT_STRING	0x141850	0x210	empty
RT_STRING	0x141a60	0xbc	empty
RT_STRING	0x141b1c	0x100	empty
RT_STRING	0x141c1c	0x338	empty
RT_STRING	0x141f54	0x478	empty
RT_STRING	0x1423cc	0x354	empty
RT_STRING	0x142720	0x2b8	empty
RT_RCDATA	0x1429d8	0x10	empty
RT_RCDATA	0x1429e8	0x4a0	empty
RT_RCDATA	0x142e88	0x2	empty	English	United States
RT_VERSION	0xbc35e4	0x1f4	data	English	United States

Imports

DLL	Import
kernel32.dll	lstrcpy
comctl32.dll	InitCommonControls

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x45cfac
__dbk_fcall_wrapper	2	0x410388
dbkFCallWrapperAddr	1	0x5195ac

Version Infos

Description	Data
ProductName	fnp_my
ProgramID	com.embarcadero.fnp_my
FileDescription	fnp_my
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
Translation	0x0409 0x04e4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6540 Parent PID: 5812

General

Start time:	21:41:00
Start date:	27/01/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\fnp_my.dll'
Imagebase:	0x380000
File size:	120832 bytes
MD5 hash:	2D39D4DFDE8F7151723794029AB8A034
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: rundll32.exe PID: 6780 Parent PID: 6540

General

Start time:	21:41:04
Start date:	27/01/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\fnp_my.dll,TMethodImplementationIntercept
Imagebase:	0xcb0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 6924 Parent PID: 6540

General

Start time:	21:41:08
Start date:	27/01/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\fnp_my.dll,__dbk_fcall_wrapper
Imagebase:	0xcb0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: rundll32.exe PID: 7056 Parent PID: 6540

General

Start time:	21:41:11
Start date:	27/01/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\fnp_my.dll,dbkFCallWrapperAddr
Imagebase:	0xcb0000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report fnp_my.dll

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Compliance:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: loaddll32.exe PID: 6540 Parent PID: 5812

General

Analysis Process: rundll32.exe PID: 6780 Parent PID: 6540

General

Analysis Process: rundll32.exe PID: 6924 Parent PID: 6540

General

Analysis Process: rundll32.exe PID: 7056 Parent PID: 6540

General

Disassembly

Code Analysis