Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1637450
MD5: b689eca05ca79b008387a5115c61f71b
SHA1: 7a4cf8520f18130b4e434e536178ce67e3275edc
SHA256: e9660d4168ce54a90597be7d9fb93e6f64b62b4b922beead20e06b823f15d35c
Tags: exe, user-jstrosch

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 6692 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B689ECA05CA79B008387A5115C61F71B)
  • cleanup
{"C2 url": ["absoulpushx.life/QZwszc", "begindecafer.world/QwdZdf", "garagedrootz.top/oPsoJAN", "modelshiverd.icu/bJhnsj", "arisechairedd.shop/JnsHY", "catterjur.run/boSnzhu", "orangemyther.live/IozZ", "fostinjec.today/LksNAz"]}
Source | Rule | Description | Author | Strings
00000000.00000003.1341897745.0000000000638000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1456563314.000000000063A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1512694064.00000000005FA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: file.exe PID: 6692 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: file.exe PID: 6692 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.6b0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2025-03-13T16:38:57.334221+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49687 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:00.061112+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49688 | 188.114.96.3 | 443 | TCP
              2025-03-13T16:39:03.431668+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49689 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:05.910909+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49690 | 188.114.96.3 | 443 | TCP
              2025-03-13T16:39:08.918155+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49691 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:12.052002+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49693 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:15.096937+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49698 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:17.785267+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49699 | 188.114.96.3 | 443 | TCP
              2025-03-13T16:39:20.929672+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49700 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:23.560190+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49701 | 188.114.96.3 | 443 | TCP
              2025-03-13T16:39:27.550695+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49702 | 104.73.234.102 | 443 | TCP
              2025-03-13T16:39:30.332331+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49703 | 188.114.96.3 | 443 | TCP
              2025-03-13T16:39:35.519406+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49704 | 23.192.247.89 | 443 | TCP
              2025-03-13T16:39:37.128000+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.10 | 49705 | 23.192.247.89 | 443 | TCP

              AV Detection

              Source: file.exe | Avira: detected
              Source: orangemyther.live/IozZ | Avira URL Cloud: Label: malware
              Source: modelshiverd.icu/bJhnsj | Avira URL Cloud: Label: malware
              Source: absoulpushx.life/QZwszc | Avira URL Cloud: Label: malware
              Source: begindecafer.world/QwdZdf | Avira URL Cloud: Label: malware
              Source: garagedrootz.top/oPsoJAN | Avira URL Cloud: Label: malware
              Source: catterjur.run/boSnzhu | Avira URL Cloud: Label: malware
              Source: arisechairedd.shop/JnsHY | Avira URL Cloud: Label: malware
              Source: 0.2.file.exe.6b0000.0.unpack | Malware Configuration Extractor: LummaC {"C2 url": ["absoulpushx.life/QZwszc", "begindecafer.world/QwdZdf", "garagedrootz.top/oPsoJAN", "modelshiverd.icu/bJhnsj", "arisechairedd.shop/JnsHY", "catterjur.run/boSnzhu", "orangemyther.live/IozZ", "fostinjec.today/LksNAz"]}
              Source: file.exe | Virustotal: Detection: 58%
              Source: file.exe | ReversingLabs: Detection: 63%
              Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: absoulpushx.life/QZwszc
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: begindecafer.world/QwdZdf
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: garagedrootz.top/oPsoJAN
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: modelshiverd.icu/bJhnsj
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: arisechairedd.shop/JnsHY
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: catterjur.run/boSnzhu
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: orangemyther.live/IozZ
              Source: 0.2.file.exe.6b0000.0.unpack | String decryptor: fostinjec.today/LksNAz
              Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49687 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49688 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49689 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49690 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49691 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49693 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49698 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49699 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49700 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49701 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.10:49702 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.10:49703 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.10:49705 version: TLS 1.2

              Networking

              Source: Malware configuration extractor | URLs: absoulpushx.life/QZwszc
              Source: Malware configuration extractor | URLs: begindecafer.world/QwdZdf
              Source: Malware configuration extractor | URLs: garagedrootz.top/oPsoJAN
              Source: Malware configuration extractor | URLs: modelshiverd.icu/bJhnsj
              Source: Malware configuration extractor | URLs: arisechairedd.shop/JnsHY
              Source: Malware configuration extractor | URLs: catterjur.run/boSnzhu
              Source: Malware configuration extractor | URLs: orangemyther.live/IozZ
              Source: Malware configuration extractor | URLs: fostinjec.today/LksNAz
              Source: global traffic | HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1 | Connection: Keep-Alive | Host: steamcommunity.com
              Source: Joe Sandbox View | IP Address: 188.114.96.3
              Source: Joe Sandbox View | IP Address: 23.192.247.89
              Source: Joe Sandbox View | IP Address: 104.73.234.102
              Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49691 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49690 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49688 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49693 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49702 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49699 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49689 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49698 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49703 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49705 -> 23.192.247.89:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49687 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49700 -> 104.73.234.102:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49701 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49704 -> 23.192.247.89:443
              Source: global traffic | HTTP traffic detected: POST /bSHsyZD HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 41 | Host: guntac.bet
              Source: global traffic | HTTP traffic detected: POST /bSHsyZD HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=9gpgDwJamQ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 14889 | Host: guntac.bet
              Source: global traffic | HTTP traffic detected: POST /bSHsyZD HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=k90ouIlQHs43H | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20395 | Host: guntac.bet
              Source: global traffic | HTTP traffic detected: POST /bSHsyZD HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=GYg92KytO11x5x87gj1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 2623 | Host: guntac.bet
              Source: global traffic | HTTP traffic detected: POST /bSHsyZD HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=OzmQQd6JyCJH7JWP39 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 569958 | Host: guntac.bet
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: file.exe | String found in binary or memory: //recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://sto equals www.youtube.com (Youtube)
SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26508Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:39:37 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
              Source: file.exeString found in binary or memory: maized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com htt equals www.youtube.com (Youtube)
              Source: file.exe, 00000000.00000002.1710283561.0000000005388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: owered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
              Source: file.exe, 00000000.00000002.1710283561.0000000005388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: owered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=Nonesessionid=dc0a7c2ba5ede9132a9a6f84; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-o equals www.youtube.com (Youtube)
              Source: file.exe, 00000000.00000003.1706844025.0000000000603000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516756974.00000000005FC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569048058.00000000005FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
              Source: global traffic. DNS traffic detected: DNS query: absoulpushx.life
              Source: global traffic. DNS traffic detected: DNS query: begindecafer.world
              Source: global traffic. DNS traffic detected: DNS query: garagedrootz.top
              Source: global traffic. DNS traffic detected: DNS query: modelshiverd.icu
              Source: global traffic. DNS traffic detected: DNS query: arisechairedd.shop
              Source: global traffic. DNS traffic detected: DNS query: catterjur.run
              Source: global traffic. DNS traffic detected: DNS query: orangemyther.live
              Source: global traffic. DNS traffic detected: DNS query: fostinjec.today
              Source: global traffic. DNS traffic detected: DNS query: sterpickced.digital
              Source: global traffic. DNS traffic detected: DNS query: steamcommunity.com
              Source: global traffic. DNS traffic detected: DNS query: guntac.bet
              Source: unknown. HTTP traffic detected:
                  POST /bSHsyZD HTTP/1.1
                  Connection: Keep-Alive
                  Content-Type: application/x-www-form-urlencoded
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                  Content-Length: 41
                  Host: guntac.bet
              Source: file.exe, 00000000.00000003.1512524682.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568879563.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308869469.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392608971.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
              Source: file.exe, 00000000.00000003.1706844025.00000000005BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456508027.0000000005398000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.00000000053B0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455952679.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425265170.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1707828889.00000000005BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392608971.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392662404.0000000005381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
              Source: file.exe, 00000000.00000003.1456508027.0000000005398000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512524682.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455952679.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425265170.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568879563.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308869469.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
              Source: file.exe, 00000000.00000003.1456508027.0000000005398000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512524682.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455952679.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425265170.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568879563.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308869469.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=jfdb
              Source: file.exe, 00000000.00000003.1456508027.0000000005398000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512524682.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455952679.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425265170.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568879563.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308869469.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
              Source: file.exe, 00000000.00000003.1568879563.00000000053E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517052354.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456183125.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.0000000005393000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512524682.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710476850.00000000053D6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=D1VziU1eIKI3&l=englis
              Source: file.exe, 00000000.00000003.1568879563.00000000053E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517052354.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.0000000005393000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710476850.00000000053D6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
              Source: file.exe, 00000000.00000003.1517052354.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&l=
              Source: file.exe, 00000000.00000003.1517052354.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engli
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&l=engli
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&
              Source: file.exe, 00000000.00000003.1568879563.00000000053E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517052354.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456183125.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.0000000005393000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512524682.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710476850.00000000053D6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
              Source: file.exe, 00000000.00000003.1568879563.00000000053E4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1517052354.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456183125.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.0000000005393000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512524682.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710476850.00000000053D6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613402976.00000000053E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
              Source: file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706660277.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710674432.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569141379.000000000548A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
              Source: file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706660277.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710674432.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569141379.000000000548A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
              Source: file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706660277.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710674432.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569141379.000000000548A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
              Source: file.exeString found in binary or memory: https://steambroadcastchat.ak
              Source: file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706660277.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710674432.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569141379.000000000548A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
              Source: file.exe, 00000000.00000003.1706844025.00000000005BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456508027.0000000005398000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.00000000053B0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455952679.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425265170.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1707828889.00000000005BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
              Source: file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392749507.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
              Source: file.exe, 00000000.00000003.1456231593.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/)
              Source: file.exe, 00000000.00000003.1568798556.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1627658648.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/1
              Source: file.exe, 00000000.00000003.1613357364.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/9
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
              Source: file.exe, 00000000.00000003.1706790563.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/a
              Source: file.exe, 00000000.00000003.1573122592.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1573019521.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512397076.0000000005471000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1513026628.0000000005471000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
              Source: file.exe, 00000000.00000003.1613357364.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/k
              Source: file.exe, 00000000.00000003.1706844025.00000000005BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456508027.0000000005398000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.00000000053B0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455952679.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425265170.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425283778.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308869469.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1707828889.00000000005BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392608971.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
              Source: file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
              Source: file.exe, 00000000.00000003.1573122592.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1573019521.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568798556.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512397076.0000000005471000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1513026628.0000000005471000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
              Source: file.exe, 00000000.00000003.1308747684.0000000000638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/p
              Source: file.exe, 00000000.00000003.1308869469.00000000005C4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392608971.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/badges
              Source: file.exe, 00000000.00000003.1308696532.0000000000639000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707031094.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053AC000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.00000000053A4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308869469.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1392608971.000000000539C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/inventory/
              Source: file.exe, 00000000.00000003.1706790563.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611998223751281
              Source: file.exe, 00000000.00000003.1568798556.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1627658648.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/765611998223751289
              Source: file.exe, 00000000.00000003.1706790563.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/q
              Source: file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
              Source: file.exe, 00000000.00000003.1456231593.000000000065B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128
              Source: file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706660277.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710674432.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569141379.000000000548A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
              Source: file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
              Source: file.exe, file.exe, 00000000.00000003.1568798556.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710261932.0000000005380000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1456183125.00000000053D8000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308966636.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516470447.0000000005490000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455994116.0000000005387000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000638000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1627658648.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.0000000005388000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1627547937.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706660277.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425224003.0000000005389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710674432.000000000548A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005390000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1569141379.000000000548A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
              Source: file.exe, 00000000.00000003.1568798556.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710261932.0000000005380000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1708074193.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455994116.0000000005387000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000638000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1627658648.000000000065B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1710283561.0000000005388000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369763488.0000000005384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
              Source: file.exe, 00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
              Source: file.exe, 00000000.00000003.1573122592.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568748032.0000000005468000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308696532.000000000063F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707243241.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1573019521.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1425201943.00000000053D7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706729304.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613357364.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1369728196.0000000005397000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568798556.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1512397076.0000000005471000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613319363.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1613179988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568502988.0000000005467000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1455930712.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308747684.0000000000648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1568771752.0000000000667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706790563.0000000000643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1513026628.0000000005471000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1613295548.0000000005468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/

              System Summary

              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: .idata
              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: file.exe Static PE information: Section: cwszxsig ZLIB complexity 0.9941723068113547
              Source: file.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@13/3
              Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: file.exe, 00000000.00000003.1340625385.00000000053A7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1341131806.0000000005384000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1393230771.000000000539F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1393709789.0000000005386000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: file.exe Virustotal: Detection: 58%
              Source: file.exe ReversingLabs: Detection: 63%
              Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
              Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
              Source: file.exe Static file information: File size 2108928 > 1048576
              Source: file.exe Static PE information: Raw size of cwszxsig is bigger than: 0x100000 < 0x1a0200

              Data Obfuscation

              Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;cwszxsig:EW;kuvvwhhi:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;cwszxsig:EW;kuvvwhhi:EW;.taggant:EW;
              Source: initial sample Static PE information: section where entry point is pointing to: .taggant
              Source: file.exe Static PE information: real checksum: 0x206f71 should be: 0x208594
              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: .idata
              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: cwszxsig
              Source: file.exe Static PE information: section name: kuvvwhhi
              Source: file.exe Static PE information: section name: .taggant
              Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00666942 push edi; ret 0_3_00666941
              Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00666942 push ecx; ret 0_3_00666971
              Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00662B48 push ss; retf 0_3_00662B49
              Source: C:\Users\user\Desktop\file.exe Code function: 0_3_00666918 push edi; ret 0_3_00666941
              Source: file.exe Static PE information: section name: entropy: 7.149032166953369
              Source: file.exe Static PE information: section name: cwszxsig entropy: 7.9529081143104206

              Boot Survival

              Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
              Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
              Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C5BE0 second address: 8C5BE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C7301 second address: 8C730B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F41851B0BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CAEA3 second address: 8CAF28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 jmp 00007F4184CD4C7Ch 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F4184CD4C78h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 xor ebx, 4615FF91h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007F4184CD4C78h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 00000017h 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 xchg eax, esi 0x0000004a push esi 0x0000004b jno 00007F4184CD4C7Ch 0x00000051 pop esi 0x00000052 push eax 0x00000053 pushad 0x00000054 jc 00007F4184CD4C81h 0x0000005a jmp 00007F4184CD4C7Bh 0x0000005f push eax 0x00000060 push edx 0x00000061 ja 00007F4184CD4C76h 0x00000067 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CAF28 second address: 8CAF2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CDF36 second address: 8CDF83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jnc 00007F4184CD4C76h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007F4184CD4C89h 0x00000016 nop 0x00000017 mov bh, dh 0x00000019 push 00000000h 0x0000001b or dword ptr [ebp+122D2A18h], esi 0x00000021 push 00000000h 0x00000023 jno 00007F4184CD4C7Ch 0x00000029 xchg eax, esi 0x0000002a push eax 0x0000002b je 00007F4184CD4C7Ch 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CDF83 second address: 8CDF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F41851B0BF0h 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D0066 second address: 8D006C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CC188 second address: 8CC192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F41851B0BE6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CB0E2 second address: 8CB0E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D02A6 second address: 8D02AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D208C second address: 8D2090 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D2259 second address: 8D225D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D41D6 second address: 8D41DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D41DB second address: 8D41EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F41851B0BE6h 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D41EC second address: 8D41FA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4184CD4C76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D41FA second address: 8D41FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D5188 second address: 8D51DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007F4184CD4C78h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 add edi, 2D4011F9h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c mov ebx, dword ptr [ebp+122D1CBFh] 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 jmp 00007F4184CD4C7Ch 0x00000039 pop eax 0x0000003a push eax 0x0000003b js 00007F4184CD4C80h 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 popad 0x00000045 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6259 second address: 8D62D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jno 00007F41851B0BECh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f add bx, 3E50h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F41851B0BE8h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 jnc 00007F41851B0BECh 0x00000036 push ecx 0x00000037 movsx edi, dx 0x0000003a pop edi 0x0000003b push 00000000h 0x0000003d mov di, bx 0x00000040 xchg eax, esi 0x00000041 jnl 00007F41851B0C06h 0x00000047 push eax 0x00000048 push esi 0x00000049 push eax 0x0000004a push edx 0x0000004b jns 00007F41851B0BE6h 0x00000051 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D62D9 second address: 8D62DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D43A6 second address: 8D43AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D443F second address: 8D445F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C83h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D721E second address: 8D7222 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7222 second address: 8D7228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7228 second address: 8D722E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6436 second address: 8D64CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnl 00007F4184CD4C76h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dword ptr [ebp+1246EB8Eh], edx 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F4184CD4C78h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 00000016h 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 sub dword ptr [ebp+122D2667h], esi 0x0000003a jne 00007F4184CD4C7Ch 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 push 00000000h 0x00000049 push ebp 0x0000004a call 00007F4184CD4C78h 0x0000004f pop ebp 0x00000050 mov dword ptr [esp+04h], ebp 0x00000054 add dword ptr [esp+04h], 0000001Bh 0x0000005c inc ebp 0x0000005d push ebp 0x0000005e ret 0x0000005f pop ebp 0x00000060 ret 0x00000061 mov edi, edx 0x00000063 movsx edi, di 0x00000066 mov eax, dword ptr [ebp+122D018Dh] 0x0000006c add bx, 451Ah 0x00000071 push FFFFFFFFh 0x00000073 js 00007F4184CD4C7Ch 0x00000079 mov edi, dword ptr [ebp+122D2284h] 0x0000007f nop 0x00000080 pushad 0x00000081 pushad 0x00000082 push eax 0x00000083 push edx 0x00000084 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D64CD second address: 8D64FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F41851B0BF7h 0x00000009 popad 0x0000000a jmp 00007F41851B0BEDh 0x0000000f popad 0x00000010 push eax 0x00000011 push edi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D64FC second address: 8D6502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D8134 second address: 8D8138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D8138 second address: 8D813C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D8FC3 second address: 8D8FC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DA036 second address: 8DA03A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DA03A second address: 8DA0B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F41851B0BEDh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f jo 00007F41851B0BECh 0x00000015 mov dword ptr [ebp+122D2B02h], esi 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push edi 0x00000020 call 00007F41851B0BE8h 0x00000025 pop edi 0x00000026 mov dword ptr [esp+04h], edi 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc edi 0x00000033 push edi 0x00000034 ret 0x00000035 pop edi 0x00000036 ret 0x00000037 or bl, 00000038h 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007F41851B0BE8h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 00000016h 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F41851B0BECh 0x0000005e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DA0B2 second address: 8DA0B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D912B second address: 8D912F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D912F second address: 8D9133 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D9133 second address: 8D91CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jno 00007F41851B0BF3h 0x0000000e nop 0x0000000f push dword ptr fs:[00000000h] 0x00000016 add dword ptr [ebp+122D223Ah], eax 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 cmc 0x00000024 mov edi, 48429565h 0x00000029 mov eax, dword ptr [ebp+122D001Dh] 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F41851B0BE8h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000015h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 jnc 00007F41851B0BE8h 0x0000004f mov dword ptr [ebp+122D1E5Fh], edx 0x00000055 push FFFFFFFFh 0x00000057 mov dword ptr [ebp+122D1C1Ah], eax 0x0000005d jmp 00007F41851B0BF5h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F41851B0BF2h 0x0000006a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D91CC second address: 8D91D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DEA80 second address: 8DEA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DEA85 second address: 8DEABA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F4184CD4C76h 0x00000009 jmp 00007F4184CD4C86h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F4184CD4C81h 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E1B49 second address: 8E1B64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BF7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E1B64 second address: 8E1B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E1B6E second address: 8E1B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E1B72 second address: 8E1B78 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E1B78 second address: 8E1B8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BEEh 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C767 second address: 87C77B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4184CD4C7Fh 0x00000009 pop edi 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C77B second address: 87C793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F41851B0BF2h 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87C793 second address: 87C797 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EBADF second address: 8EBAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop esi 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EBAED second address: 8EBB07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C82h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EBB07 second address: 8EBB0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8EBB0B second address: 8EBB56 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F4184CD4C76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 jg 00007F4184CD4C8Bh 0x00000016 pushad 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a pop eax 0x0000001b popad 0x0000001c popad 0x0000001d mov eax, dword ptr [eax] 0x0000001f ja 00007F4184CD4C7Eh 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push esi 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F0702 second address: 8F0717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F41851B0BF1h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F0717 second address: 8F0721 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4184CD4C76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F10E2 second address: 8F10E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F1389 second address: 8F138D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F14C9 second address: 8F14D6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F1787 second address: 8F178C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F178C second address: 8F179B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F41851B0BE6h 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F179B second address: 8F17C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4184CD4C85h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007F4184CD4C76h 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F78BC second address: 8F78DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BF8h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F78DA second address: 8F78E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FE8BE second address: 8FE8C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F41851B0BE6h 0x0000000a popad 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FE8C9 second address: 8FE8EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4184CD4C84h 0x00000009 jmp 00007F4184CD4C7Eh 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FE8EF second address: 8FE8F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEA14 second address: 8FEA36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4184CD4C86h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEA36 second address: 8FEA3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEA3A second address: 8FEA46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F4184CD4C76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEA46 second address: 8FEA4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEA4B second address: 8FEA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F4184CD4C88h 0x0000000b jnp 00007F4184CD4C76h 0x00000011 popad 0x00000012 push edi 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEE49 second address: 8FEE53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F41851B0BE6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FEE53 second address: 8FEE70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C7Fh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F4184CD4C76h 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FF105 second address: 8FF119 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F41851B0BECh 0x0000000e ja 00007F41851B0BE6h 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FF621 second address: 8FF634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4184CD4C7Fh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FF77A second address: 8FF78E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F41851B0BEDh 0x0000000b pop esi 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A470C second address: 8A4716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A4716 second address: 8A4739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F41851B0BEAh 0x0000000c jmp 00007F41851B0BF2h 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFBC2 second address: 8FFBC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFBC6 second address: 8FFBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F41851B0BEEh 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFBDA second address: 8FFBF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C89h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFBF9 second address: 8FFBFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFBFD second address: 8FFC01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 905E54 second address: 905E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 905E5F second address: 905E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 949839 second address: 94983F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 953925 second address: 95392A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95354F second address: 953557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95636D second address: 956371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956371 second address: 956375 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956375 second address: 956397 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F41851B0BE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F41851B0BF4h 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 956397 second address: 95639D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95639D second address: 9563CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BF9h 0x00000007 push ecx 0x00000008 push eax 0x00000009 pop eax 0x0000000a ja 00007F41851B0BE6h 0x00000010 pop ecx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9563CA second address: 9563CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9563CE second address: 9563D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 955D42 second address: 955D60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F4184CD4C89h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95ACB8 second address: 95ACD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F41851B0BEBh 0x00000009 jmp 00007F41851B0BEFh 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9624A6 second address: 9624AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9624AA second address: 9624BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jc 00007F41851B0BF0h 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96423C second address: 964242 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964242 second address: 964246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964246 second address: 96424A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96424A second address: 964258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F41851B0C00h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964258 second address: 964277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4184CD4C84h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 964277 second address: 964292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F41851B0BF6h 0x00000009 popad 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 968218 second address: 968231 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F4184CD4C80h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96808E second address: 9680A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F41851B0BE8h 0x0000000e pushad 0x0000000f popad 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96CAEA second address: 96CAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96CAEE second address: 96CAF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 970E3A second address: 970E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 970F8A second address: 970F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F41851B0BE6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 970F9B second address: 970FBA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F4184CD4C89h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 970FBA second address: 970FD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F41851B0BF3h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 974F8F second address: 974F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 974F95 second address: 974FD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jmp 00007F41851B0BEFh 0x0000000c jmp 00007F41851B0BEBh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007F41851B0BF2h 0x0000001a jbe 00007F41851B0BE6h 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 popad 0x00000025 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 974FD7 second address: 974FE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4184CD4C7Dh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 974FE8 second address: 974FF5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F41851B0BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 974FF5 second address: 975013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4184CD4C88h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97B6F7 second address: 97B74A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F41851B0BFFh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F41851B0BEBh 0x00000012 jmp 00007F41851B0BF2h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a pushad 0x0000001b jnc 00007F41851B0BE6h 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97B74A second address: 97B74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98171C second address: 981720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 981720 second address: 981726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9862A8 second address: 9862D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pop eax 0x00000008 jng 00007F41851B0C0Fh 0x0000000e push ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007F41851B0BF7h 0x00000016 pop ecx 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 986146 second address: 986165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a jo 00007F4184CD4C76h 0x00000010 jmp 00007F4184CD4C7Eh 0x00000015 popad 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 986165 second address: 986176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F41851B0BEDh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97E8FA second address: 97E900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97E900 second address: 97E904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97E904 second address: 97E931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4184CD4C81h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007F4184CD4C8Ah 0x00000011 jmp 00007F4184CD4C7Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993156 second address: 993164 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F41851B0BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993164 second address: 993168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993168 second address: 99318E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BEEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jns 00007F41851B0BEEh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99318E second address: 993192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 993192 second address: 9931A6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F41851B0BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F41851B0BE6h 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A6C84 second address: 9A6C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4184CD4C7Ah 0x00000009 popad 0x0000000a pushad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A74C6 second address: 9A74E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BF6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7629 second address: 9A7631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A91D5 second address: 9A91F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F41851B0BF5h 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A91F0 second address: 9A9200 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F4184CD4C76h 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ABAAD second address: 9ABAB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ABE2E second address: 9ABE43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C81h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ABE43 second address: 9ABE69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F41851B0BECh 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AD930 second address: 9AD94F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C85h 0x00000007 push eax 0x00000008 push edx 0x00000009 jns 00007F4184CD4C76h 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D079D second address: 49D07AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F41851B0BECh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D07AD second address: 49D07C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D07C5 second address: 49D07C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D07C9 second address: 49D07DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C7Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D07DB second address: 49D07E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D07E1 second address: 49D07E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D07E5 second address: 49D081B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F41851B0BEDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F41851B0BEEh 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F41851B0BEDh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D081B second address: 49D0820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0820 second address: 49D0825 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0825 second address: 49D082B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D082B second address: 49D083B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d mov eax, edi 0x0000000f popad 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D083B second address: 49D0864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4184CD4C86h 0x00000008 mov ax, 53E1h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0864 second address: 49D0868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0868 second address: 49D0881 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4184CD4C85h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0881 second address: 49D0966 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov si, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F41851B0BF0h 0x00000013 jmp 00007F41851B0BF5h 0x00000018 popfd 0x00000019 pushad 0x0000001a mov ebx, eax 0x0000001c jmp 00007F41851B0BEAh 0x00000021 popad 0x00000022 popad 0x00000023 mov dword ptr [esp], esi 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F41851B0BEEh 0x0000002d jmp 00007F41851B0BF5h 0x00000032 popfd 0x00000033 pushfd 0x00000034 jmp 00007F41851B0BF0h 0x00000039 xor ecx, 5F0B1DF8h 0x0000003f jmp 00007F41851B0BEBh 0x00000044 popfd 0x00000045 popad 0x00000046 lea eax, dword ptr [ebp-04h] 0x00000049 pushad 0x0000004a jmp 00007F41851B0BF4h 0x0000004f pushad 0x00000050 mov dx, cx 0x00000053 pushfd 0x00000054 jmp 00007F41851B0BECh 0x00000059 or ecx, 07FB2788h 0x0000005f jmp 00007F41851B0BEBh 0x00000064 popfd 0x00000065 popad 0x00000066 popad 0x00000067 nop 0x00000068 push eax 0x00000069 push edx 0x0000006a jmp 00007F41851B0BF5h 0x0000006f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0966 second address: 49D096B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D096B second address: 49D097B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D097B second address: 49D097F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D097F second address: 49D0985 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0985 second address: 49D09A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4184CD4C89h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D09A2 second address: 49D09A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D09A6 second address: 49D0A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F4184CD4C83h 0x00000010 adc si, 4F3Eh 0x00000015 jmp 00007F4184CD4C89h 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007F4184CD4C80h 0x00000021 or esi, 35448C38h 0x00000027 jmp 00007F4184CD4C7Bh 0x0000002c popfd 0x0000002d popad 0x0000002e push dword ptr [ebp+08h] 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov esi, edx 0x00000036 pushfd 0x00000037 jmp 00007F4184CD4C87h 0x0000003c adc esi, 52B84EAEh 0x00000042 jmp 00007F4184CD4C89h 0x00000047 popfd 0x00000048 popad 0x00000049 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A48 second address: 49D0A4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A4E second address: 49D0A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0A52 second address: 49D0A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0ADE second address: 49D0B40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4184CD4C81h 0x00000008 mov dx, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, esi 0x00000010 pushad 0x00000011 mov ecx, 504C2DAFh 0x00000016 pushfd 0x00000017 jmp 00007F4184CD4C84h 0x0000001c adc ecx, 3490D4D8h 0x00000022 jmp 00007F4184CD4C7Bh 0x00000027 popfd 0x00000028 popad 0x00000029 pop esi 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F4184CD4C85h 0x00000031 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49D0B40 second address: 49C003A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F41851B0BF7h 0x00000009 and cx, 54FEh 0x0000000e jmp 00007F41851B0BF9h 0x00000013 popfd 0x00000014 jmp 00007F41851B0BF0h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c leave 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pop eax 0x00000021 pop edx 0x00000022 mov ax, CCC5h 0x00000026 popad 0x00000027 retn 0004h 0x0000002a nop 0x0000002b sub esp, 04h 0x0000002e xor ebx, ebx 0x00000030 cmp eax, 00000000h 0x00000033 je 00007F41851B0D4Fh 0x00000039 mov dword ptr [esp], 0000000Dh 0x00000040 call 00007F4189481CA5h 0x00000045 mov edi, edi 0x00000047 jmp 00007F41851B0BF2h 0x0000004c xchg eax, ebp 0x0000004d pushad 0x0000004e mov cx, A7DDh 0x00000052 movzx esi, di 0x00000055 popad 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a call 00007F41851B0BF1h 0x0000005f pop ecx 0x00000060 mov edx, 32B02814h 0x00000065 popad 0x00000066 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C003A second address: 49C0097 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 pushfd 0x00000007 jmp 00007F4184CD4C85h 0x0000000c sbb ah, FFFFFF86h 0x0000000f jmp 00007F4184CD4C81h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, ebp 0x00000019 jmp 00007F4184CD4C7Eh 0x0000001e mov ebp, esp 0x00000020 jmp 00007F4184CD4C80h 0x00000025 sub esp, 2Ch 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 715961 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 8B386E instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 944E85 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\user\Desktop\file.exe TID: 1532 Thread sleep time: -52026s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 5172 Thread sleep time: -36018s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 7404 Thread sleep time: -180000s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 5696 Thread sleep time: -40020s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 4780 Thread sleep time: -30015s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 7404 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: file.exe, 00000000.00000002.1708258053.0000000000897000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
              Source: file.exe, file.exe, 00000000.00000003.1516452447.00000000005F1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706844025.00000000005E6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1706844025.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1516334763.00000000005E6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1663155024.00000000005E6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1308796416.00000000005F1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1707828889.00000000005A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1707828889.00000000005E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: file.exe, 00000000.00000002.1708258053.0000000000897000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
              Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
              Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

              Anti Debugging

              Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe File opened: NTICE
              Source: C:\Users\user\Desktop\file.exe File opened: SICE
              Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
              Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
              Source: file.exe, 00000000.00000002.1708258053.0000000000897000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: RZ,Program Manager
              Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: file.exe, 00000000.00000003.1663155024.00000000005D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1707828889.00000000005D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1707282504.00000000005D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: Process Memory Space: file.exe PID: 6692, type: MEMORYSTR
              Source: Yara match File source: 0.2.file.exe.6b0000.0.unpack, type: UNPACKEDPE
              Source: file.exe String found in binary or memory: ],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Ele\d
              Source: file.exe String found in binary or memory: Wallets/ElectronCash
              Source: file.exe String found in binary or memory: Chrome/Default/Extensions/Jaxx Liberty
              Source: file.exe String found in binary or memory: window-state.json
              Source: file.exe String found in binary or memory: \"params\":{\"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":0,"fs":20971520},{"t":0,"p":"%
              Source: file.exe, 00000000.00000003.1512694064.000000000063B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\file.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents
              Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\PIVFAGEAAV
              Source: Yara match File source: 00000000.00000003.1341897745.0000000000638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1456563314.000000000063A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000003.1512694064.00000000005FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: file.exe PID: 6692, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: Process Memory Space: file.exe PID: 6692, type: MEMORYSTR
              Source: Yara match File source: 0.2.file.exe.6b0000.0.unpack, type: UNPACKEDPE

              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
              Execution: 12 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd
              Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
              Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script
              Defense Evasion: 44 Virtualization/Sandbox Evasion; 1 Process Injection; 3 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
              Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
              Discovery: 851 Security Software Discovery; 44 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 File and Directory Discovery; 223 System Information Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
              Collection: 41 Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
              Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact
