Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8A72 NtProtectVirtualMemory, | 0_2_021F8A72 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F1EDB NtWriteVirtualMemory,LoadLibraryA, | 0_2_021F1EDB |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8F4F NtSetContextThread, | 0_2_021F8F4F |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F578B NtAllocateVirtualMemory, | 0_2_021F578B |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F0B81 NtWriteVirtualMemory,TerminateProcess,LoadLibraryA, | 0_2_021F0B81 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F04E5 EnumWindows,NtWriteVirtualMemory,LoadLibraryA, | 0_2_021F04E5 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F4E0A NtWriteVirtualMemory, | 0_2_021F4E0A |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F927E NtSetContextThread, | 0_2_021F927E |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F46B8 NtWriteVirtualMemory, | 0_2_021F46B8 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F4AAA NtWriteVirtualMemory, | 0_2_021F4AAA |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F4ADA NtWriteVirtualMemory, | 0_2_021F4ADA |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F433C NtWriteVirtualMemory, | 0_2_021F433C |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8F5C NtSetContextThread, | 0_2_021F8F5C |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F3BB6 NtWriteVirtualMemory, | 0_2_021F3BB6 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8FB4 NtSetContextThread, | 0_2_021F8FB4 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F73A9 NtWriteVirtualMemory, | 0_2_021F73A9 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8FD6 NtSetContextThread, | 0_2_021F8FD6 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F245F NtWriteVirtualMemory, | 0_2_021F245F |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F9058 NtSetContextThread, | 0_2_021F9058 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F4050 NtWriteVirtualMemory, | 0_2_021F4050 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F489B NtWriteVirtualMemory, | 0_2_021F489B |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F0495 NtWriteVirtualMemory, | 0_2_021F0495 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F90D7 NtSetContextThread, | 0_2_021F90D7 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F4CF4 NtWriteVirtualMemory, | 0_2_021F4CF4 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F916F NtSetContextThread, | 0_2_021F916F |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_00565798 NtAllocateVirtualMemory, | 16_2_00565798 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_00421041 push ss; retf | 0_2_00421042 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_00422433 push eax; iretd | 0_2_004224A1 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_004200E2 push eax; iretd | 0_2_004200E5 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_004210A8 push ebx; retf | 0_2_004210AE |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_00421D79 pushfd ; iretd | 0_2_00421D97 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_00405D8C push eax; retf | 0_2_00405DC6 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_004223E5 push eax; iretd | 0_2_004224A1 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8391 push edx; ret | 0_2_021F8392 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F83B8 push edx; ret | 0_2_021F83B9 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_0056540E pushad ; retf | 16_2_00565419 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_00562F61 push esi; ret | 16_2_00562F63 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_00560FFD push ebx; iretd | 16_2_0056100C |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_00568391 push edx; ret | 16_2_00568392 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_005683B8 push edx; ret | 16_2_005683B9 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F352B LoadLibraryA, | 0_2_021F352B |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F6EEA second address: 00000000021F73F6 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a add eax, FF6DF465h 0x0000000f add eax, 051D0E23h 0x00000014 cmp ch, FFFFFF9Bh 0x00000017 add eax, BB406732h 0x0000001c push ss 0x0000001d pop ss 0x0000001e jmp 00007F5D4C976313h 0x00000020 cmp dword ptr [ebp+0000024Eh], eax 0x00000026 mov eax, dword ptr [ebp+0000024Eh] 0x0000002c jne 00007F5D4C9763B8h 0x00000032 pushad 0x00000033 mov bl, 77h 0x00000035 cmp bl, 00000077h 0x00000038 jne 00007F5D4C978972h 0x0000003e popad 0x0000003f push 7DDA0CB7h 0x00000044 call 00007F5D4C97676Ah 0x00000049 mov eax, dword ptr fs:[00000030h] 0x0000004f mov eax, dword ptr [eax+0Ch] 0x00000052 test cx, ax 0x00000055 mov eax, dword ptr [eax+14h] 0x00000058 mov ecx, dword ptr [eax] 0x0000005a pushad 0x0000005b mov bx, 12CFh 0x0000005f cmp bx, 12CFh 0x00000064 jne 00007F5D4C96F563h 0x0000006a popad 0x0000006b mov eax, ecx 0x0000006d cmp dh, ah 0x0000006f jmp 00007F5D4C976316h 0x00000071 test bh, bh 0x00000073 mov ebx, dword ptr [eax+28h] 0x00000076 test bl, dl 0x00000078 mov dword ptr [ebp+00000238h], edx 0x0000007e pushad 0x0000007f lfence 0x00000082 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F92DD second address: 00000000021F92DD instructions: |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F031E second address: 00000000021F0397 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a add dword ptr [esp], DD0EB426h 0x00000011 xor dword ptr [esp], A2789713h 0x00000018 cmp bx, dx 0x0000001b sub dword ptr [esp], 57D82723h 0x00000022 cmp dl, bl 0x00000024 push dword ptr [ebp+24h] 0x00000027 push B41326CDh 0x0000002c add dword ptr [esp], 5BFCB3E1h 0x00000033 xor dword ptr [esp], 23E80C5Ch 0x0000003a cmp dx, dx 0x0000003d xor dword ptr [esp], 33E7D6F2h 0x00000044 test eax, AA1C1C90h 0x00000049 test edi, C711A858h 0x0000004f mov dword ptr [ebp+0000022Ch], edi 0x00000055 cmp cx, cx 0x00000058 mov edi, 3881A7FFh 0x0000005d nop 0x0000005e sub edi, 3134FF81h 0x00000064 xor edi, E289D110h 0x0000006a add edi, 1A3A8692h 0x00000070 test dl, al 0x00000072 push edi 0x00000073 pushad 0x00000074 mov edi, 00000083h 0x00000079 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F54F3 second address: 00000000021F54F3 instructions: |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F431B second address: 00000000021F431B instructions: |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F4503 second address: 00000000021F453E instructions: 0x00000000 rdtsc 0x00000002 mov eax, 00000001h 0x00000007 cpuid 0x00000009 popad 0x0000000a xor dword ptr [edi-04h], A6386E0Bh 0x00000011 xor dword ptr [edi-04h], B9D6F6F7h 0x00000018 cmp cx, ax 0x0000001b add dword ptr [edi-04h], 7462BF15h 0x00000022 test cx, cx 0x00000025 sub edi, 08h 0x00000028 mov dword ptr [ebp+00000273h], ebx 0x0000002e cmp dx, BBD8h 0x00000033 mov ebx, edi 0x00000035 pushad 0x00000036 mov esi, 00000075h 0x0000003b rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F73F6 second address: 00000000021F74C0 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov edx, 2A63ED14h 0x00000010 cmp ax, dx 0x00000013 xor edx, 8CD6B9A0h 0x00000019 xor edx, 8DA3C863h 0x0000001f cmp eax, ecx 0x00000021 sub edx, 2B169CD7h 0x00000027 test ebx, E044EBDBh 0x0000002d cmp ebx, edx 0x0000002f mov edx, dword ptr [ebp+00000238h] 0x00000035 je 00007F5D4C979AC8h 0x0000003b fnop 0x0000003d mov dword ptr [ebp+00000222h], eax 0x00000043 pushad 0x00000044 mov bh, 9Ah 0x00000046 cmp bh, FFFFFF9Ah 0x00000049 jne 00007F5D4C976622h 0x0000004f popad 0x00000050 mov eax, ebx 0x00000052 push eax 0x00000053 mov eax, dword ptr [ebp+00000222h] 0x00000059 test dl, 0000005Ah 0x0000005c cmp cx, dx 0x0000005f call 00007F5D4C979AA7h 0x00000064 pushad 0x00000065 lfence 0x00000068 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F58DE second address: 00000000021F593B instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 sub dword ptr [esp], F2A63F26h 0x0000000a test bx, ax 0x0000000d xor dword ptr [esp], 1168D9BEh 0x00000014 mov dword ptr [ebp+00000148h], 00000000h 0x0000001e add ebx, 04h 0x00000021 mov dword ptr [ebp+0000018Bh], esi 0x00000027 mov esi, ebx 0x00000029 push esi 0x0000002a mov esi, dword ptr [ebp+0000018Bh] 0x00000030 cmp ch, dh 0x00000032 mov dword ptr [ebp+000001E4h], ecx 0x00000038 mov ecx, 785B2C8Ch 0x0000003d test ebx, eax 0x0000003f test bx, bx 0x00000042 xor ecx, C683D913h 0x00000048 cmp dl, 00000035h 0x0000004b add ecx, 3D510807h 0x00000051 sub ecx, FC29FDA7h 0x00000057 pushad 0x00000058 mov esi, 00000084h 0x0000005d rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F785E second address: 00000000021F785E instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, 5C0051C0h 0x00000013 xor eax, 94AC04D9h 0x00000018 xor eax, B48B5376h 0x0000001d add eax, 83D8F992h 0x00000022 cpuid 0x00000024 bt ecx, 1Fh 0x00000028 jc 00007F5D4C9769F4h 0x0000002e popad 0x0000002f test ch, dh 0x00000031 call 00007F5D4C97645Bh 0x00000036 lfence 0x00000039 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F81EC second address: 00000000021F822F instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b test edx, 94B68C09h 0x00000011 mov byte ptr [eax+02h], 00000037h 0x00000015 cmp ecx, 231EEF59h 0x0000001b xor byte ptr [eax+02h], 00000047h 0x0000001f test eax, ebx 0x00000021 xor byte ptr [eax+02h], FFFFFFD6h 0x00000025 cmp al, cl 0x00000027 sub byte ptr [eax+02h], FFFFFFEEh 0x0000002b test eax, 87C1F4F0h 0x00000030 mov edx, dword ptr [ebp+00000138h] 0x00000036 mov dword ptr [eax+03h], edx 0x00000039 mov byte ptr [eax+07h], 0000007Eh 0x0000003d cmp ah, ah 0x0000003f pushad 0x00000040 lfence 0x00000043 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F423B second address: 00000000021F429F instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 add dword ptr [edi+00000400h], AE13020Fh 0x0000000d sub dword ptr [edi+00000400h], 1CB14038h 0x00000017 add edi, 00000800h 0x0000001d cmp eax, ebx 0x0000001f mov dword ptr [ebp+00000258h], esi 0x00000025 mov esi, edi 0x00000027 push esi 0x00000028 pushad 0x00000029 mov ax, FC9Dh 0x0000002d cmp ax, 0000FC9Dh 0x00000031 jne 00007F5D4C9726BBh 0x00000037 popad 0x00000038 mov esi, dword ptr [ebp+00000258h] 0x0000003e test ch, ah 0x00000040 sub edi, 00000400h 0x00000046 push edi 0x00000047 mov dword ptr [ebp+000001C6h], ecx 0x0000004d cmp ax, 000007EAh 0x00000051 mov ecx, ED8EAE1Fh 0x00000056 test edx, eax 0x00000058 sub ecx, 1F47D02Eh 0x0000005e pushad 0x0000005f mov edx, 00000012h 0x00000064 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F429F second address: 00000000021F431B instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 xor ecx, B78BEEF4h 0x00000009 sub ecx, 79CD3305h 0x0000000f cmp eax, ebx 0x00000011 push ecx 0x00000012 mov ecx, dword ptr [ebp+000001C6h] 0x00000018 pushad 0x00000019 mov ax, 5815h 0x0000001d cmp ax, 00005815h 0x00000021 jne 00007F5D4C975DA7h 0x00000027 popad 0x00000028 mov dword ptr [ebp+00000267h], edx 0x0000002e test ch, ah 0x00000030 mov edx, 8B79DAF0h 0x00000035 sub edx, F6E40DCFh 0x0000003b cmp dl, cl 0x0000003d xor edx, 76741942h 0x00000043 cmp ch, FFFFFFEBh 0x00000046 add edx, 1D1E2B9Dh 0x0000004c push edx 0x0000004d mov edx, dword ptr [ebp+00000267h] 0x00000053 cmp dh, ch 0x00000055 push B85066C5h 0x0000005a sub dword ptr [esp], DCEC679Bh 0x00000061 xor dword ptr [esp], 7F44C44Fh 0x00000068 cmp ecx, 5F196E4Eh 0x0000006e add dword ptr [esp], 5BD8C49Fh 0x00000075 mov dword ptr [ebp+000001D2h], ebx 0x0000007b pushad 0x0000007c rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F6AC5 second address: 00000000021F6AC5 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b cmp byte ptr [eax], cl 0x0000000d mov ecx, dword ptr [ebp+000001EBh] 0x00000013 jne 00007F5D4C9799F6h 0x00000015 cmp eax, eax 0x00000017 mov dl, byte ptr [eax] 0x00000019 mov byte ptr [ebx], dl 0x0000001b cmp ecx, edx 0x0000001d add eax, 02h 0x00000020 add ebx, 02h 0x00000023 add ecx, 02h 0x00000026 mov dword ptr [ebp+000001EBh], ecx 0x0000002c test cx, ax 0x0000002f mov ecx, 8BD2E791h 0x00000034 test ecx, eax 0x00000036 xor ecx, 5E03D163h 0x0000003c add ecx, 15B5ED3Ch 0x00000042 xor ecx, EB87242Eh 0x00000048 pushad 0x00000049 lfence 0x0000004c rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F49A9 second address: 00000000021F49F6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov dword ptr [ebp+0000020Bh], esi 0x00000011 mov esi, eax 0x00000013 cmp ch, FFFFFF92h 0x00000016 push esi 0x00000017 test ebx, 9D1B03B2h 0x0000001d mov esi, dword ptr [ebp+0000020Bh] 0x00000023 pushad 0x00000024 mov cx, FBE3h 0x00000028 cmp cx, FBE3h 0x0000002d jne 00007F5D4C975691h 0x00000033 popad 0x00000034 mov dword ptr [ebp+00000211h], ecx 0x0000003a mov ecx, 9C111FBCh 0x0000003f test al, al 0x00000041 cmp ecx, eax 0x00000043 xor ecx, E8D4BD1Ch 0x00000049 pushad 0x0000004a lfence 0x0000004d rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000021F4CB8 second address: 00000000021F4D88 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov dword ptr [ebp+00000100h], F6F0BFE9h 0x00000015 jmp 00007F5D4C976342h 0x00000017 xor dword ptr [ebp+00000100h], B2BDCA7Eh 0x00000021 add dword ptr [ebp+00000100h], 0276E553h 0x0000002b add dword ptr [ebp+00000100h], B94BA516h 0x00000035 cmp bh, FFFFFF8Dh 0x00000038 mov ebx, ebp 0x0000003a add ebx, 00000100h 0x00000040 cmp al, cl 0x00000042 mov dword ptr [ebp+000001A4h], esi 0x00000048 mov esi, ebx 0x0000004a push esi 0x0000004b mov esi, dword ptr [ebp+000001A4h] 0x00000051 cmp bl, bl 0x00000053 push 77130013h 0x00000058 xor dword ptr [esp], 6830176Dh 0x0000005f cld 0x00000060 xor dword ptr [esp], 455A7242h 0x00000067 test dl, al 0x00000069 xor dword ptr [esp], 5A79653Ch 0x00000070 mov dword ptr [ebp+00000104h], B7F099FDh 0x0000007a test ecx, 83670C26h 0x00000080 test bl, cl 0x00000082 xor dword ptr [ebp+00000104h], 1230A70Dh 0x0000008c pushad 0x0000008d lfence 0x00000090 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000005673F6 second address: 00000000005674C0 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a popad 0x0000000b mov edx, 2A63ED14h 0x00000010 cmp ax, dx 0x00000013 xor edx, 8CD6B9A0h 0x00000019 xor edx, 8DA3C863h 0x0000001f cmp eax, ecx 0x00000021 sub edx, 2B169CD7h 0x00000027 test ebx, E044EBDBh 0x0000002d cmp ebx, edx 0x0000002f mov edx, dword ptr [ebp+00000238h] 0x00000035 je 00007F5D4C979AC8h 0x0000003b fnop 0x0000003d mov dword ptr [ebp+00000222h], eax 0x00000043 pushad 0x00000044 mov bh, 9Ah 0x00000046 cmp bh, FFFFFF9Ah 0x00000049 jne 00007F5D4C976622h 0x0000004f popad 0x00000050 mov eax, ebx 0x00000052 push eax 0x00000053 mov eax, dword ptr [ebp+00000222h] 0x00000059 test dl, 0000005Ah 0x0000005c cmp cx, dx 0x0000005f call 00007F5D4C979AA7h 0x00000064 pushad 0x00000065 lfence 0x00000068 rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | RDTSC instruction interceptor: First address: 00000000005658DE second address: 000000000056593B instructions: 0x00000000 rdtsc 0x00000002 popad 0x00000003 sub dword ptr [esp], F2A63F26h 0x0000000a test bx, ax 0x0000000d xor dword ptr [esp], 1168D9BEh 0x00000014 mov dword ptr [ebp+00000148h], 00000000h 0x0000001e add ebx, 04h 0x00000021 mov dword ptr [ebp+0000018Bh], esi 0x00000027 mov esi, ebx 0x00000029 push esi 0x0000002a mov esi, dword ptr [ebp+0000018Bh] 0x00000030 cmp ch, dh 0x00000032 mov dword ptr [ebp+000001E4h], ecx 0x00000038 mov ecx, 785B2C8Ch 0x0000003d test ebx, eax 0x0000003f test bx, bx 0x00000042 xor ecx, C683D913h 0x00000048 cmp dl, 00000035h 0x0000004b add ecx, 3D510807h 0x00000051 sub ecx, FC29FDA7h 0x00000057 pushad 0x00000058 mov esi, 00000084h 0x0000005d rdtsc |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F7E1F mov eax, dword ptr fs:[00000030h] | 0_2_021F7E1F |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F6E4F mov eax, dword ptr fs:[00000030h] | 0_2_021F6E4F |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F2A4A mov eax, dword ptr fs:[00000030h] | 0_2_021F2A4A |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F73A9 mov eax, dword ptr fs:[00000030h] | 0_2_021F73A9 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F5403 mov eax, dword ptr fs:[00000030h] | 0_2_021F5403 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F8029 mov eax, dword ptr fs:[00000030h] | 0_2_021F8029 |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 0_2_021F352B mov eax, dword ptr fs:[00000030h] | 0_2_021F352B |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_0056352B mov eax, dword ptr fs:[00000030h] | 16_2_0056352B |
Source: C:\Users\user\Desktop\97bXaukEWl.exe | Code function: 16_2_00566E4F mov eax, dword ptr fs:[00000030h] | 16_2_00566E4F |