Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1637460
MD5:	0896954792978df6b6f6965593ec07e8
SHA1:	718fd59a15a6bbdaee5e847e97be5afad3e8bb3e
SHA256:	e771e24ff1eeecc7c4c60e2b755a469518875a7737f614621356bc4572af7abd
Tags:	exeuser-jstrosch
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Joe Sandbox ML detected suspicious sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Tries to resolve many domain names, but no domain seems valid

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 1728 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0896954792978DF6B6F6965593EC07E8)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["absoulpushx.life/QZwszc", "begindecafer.world/QwdZdf", "garagedrootz.top/oPsoJAN", "modelshiverd.icu/bJhnsj", "arisechairedd.shop/JnsHY", "catterjur.run/boSnzhu", "orangemyther.live/IozZ", "fostinjec.today/LksNAz"]}

Yara Signatures

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.file.exe.820000.0.unpack	JoeSecurity_LummaCStealer_4	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-13T16:50:10.565616+0100	2028371	3	Unknown Traffic	192.168.2.6	49687	23.197.127.21	443	TCP
2025-03-13T16:50:13.644568+0100	2028371	3	Unknown Traffic	192.168.2.6	49688	23.197.127.21	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: absoulpushx.life/QZwszc	Avira URL Cloud: Label: malware
Source: orangemyther.live/IozZ	Avira URL Cloud: Label: malware
Source: modelshiverd.icu/bJhnsj	Avira URL Cloud: Label: malware
Source: catterjur.run/boSnzhu	Avira URL Cloud: Label: malware
Source: garagedrootz.top/oPsoJAN	Avira URL Cloud: Label: malware
Source: fostinjec.today/LksNAz	Avira URL Cloud: Label: malware
Source: begindecafer.world/QwdZdf	Avira URL Cloud: Label: malware
Source: arisechairedd.shop/JnsHY	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: LummaC {"C2 url": ["absoulpushx.life/QZwszc", "begindecafer.world/QwdZdf", "garagedrootz.top/oPsoJAN", "modelshiverd.icu/bJhnsj", "arisechairedd.shop/JnsHY", "catterjur.run/boSnzhu", "orangemyther.live/IozZ", "fostinjec.today/LksNAz"]}

Multi AV Scanner detection for submitted file

Source: file.exe	Virustotal: Detection: 57%			Perma Link
Source: file.exe	ReversingLabs: Detection: 57%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Sample uses string decryption to hide its real strings

Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: absoulpushx.life/QZwszc
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: begindecafer.world/QwdZdf
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: garagedrootz.top/oPsoJAN
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: modelshiverd.icu/bJhnsj
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: arisechairedd.shop/JnsHY
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: catterjur.run/boSnzhu
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: orangemyther.live/IozZ
Source: 00000001.00000002.1384609049.0000000000821000.00000040.00000001.01000000.00000003.sdmp	String decryptor: fostinjec.today/LksNAz

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.6:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.6:49688 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then lea eax, dword ptr [ecx-6C0B83CEh]	1_2_0082D780
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+ecx+14h]	1_2_0082DA3A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx+317AB538h]	1_2_0082DA3A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx-443B8DA2h]	1_2_0083E0AC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	1_2_0083E0AC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax]	1_2_008500B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+ebx], 0000h	1_2_0086C1D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-38B2FA5Ch]	1_2_00852120
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00852120
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-25088CECh]	1_2_00832124
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+12h]	1_2_0082C130
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+04h], ecx	1_2_0082E174
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+00000084h]	1_2_0083E2C6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 720EEED4h	1_2_00868240
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax+08h]	1_2_00868240
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+6C0B83D6h]	1_2_00868240
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	1_2_0082A390
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	1_2_0082A390
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, edx	1_2_0086C320
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_0085836E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	1_2_0083A370
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+eax+00h], 0000h	1_2_0083A430
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+03h]	1_2_00844430
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_0085845D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00852540
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+2Ch]	1_2_00850650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-52h]	1_2_00850670
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+08h]	1_2_00842792
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 8D94E5DFh	1_2_00864750
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax]	1_2_00864750
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_00860880
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movsx edx, byte ptr [ebx+ecx]	1_2_0086A88E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 743EDB10h	1_2_0086C8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-000000B2h]	1_2_00830994
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], ebx	1_2_008569C1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0084CBB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	1_2_00828B20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+10h]	1_2_00840B40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+10h]	1_2_00840B40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ecx	1_2_0083EB66
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+edx+02h], 0000h	1_2_00864B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h	1_2_0083EEFE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+00000084h]	1_2_0083EEFE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+62h]	1_2_00832F82
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, byte ptr [esp+esi-000000FEh]	1_2_0086D0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+04h]	1_2_008690EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	1_2_008492A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2B12B9D2h]	1_2_0084F3C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_008573CB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+04h], ecx	1_2_0083D315
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	1_2_0084D32F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+02h]	1_2_00831368
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_008574D1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-313E762Ah]	1_2_0086B680
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-313E762Ah]	1_2_0086B790
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	1_2_0082F769
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00831822
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx-443B8DA2h]	1_2_0083D99F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	1_2_0083D99F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-313E762Ah]	1_2_0086B9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-313E762Ah]	1_2_0086B900
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_00849910
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F7D6D3F6h	1_2_0086D960
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edx, edi	1_2_00843A80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-79B0712Ah]	1_2_0084DAA2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, word ptr [eax]	1_2_0084DAA2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h	1_2_0084DAA2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-313E762Ah]	1_2_0086BA40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+12EB444Ah]	1_2_0082FB20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+5Dh]	1_2_0082DC9E
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_00853EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ebp+02h]	1_2_00849F30
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68h]	1_2_0083FF37
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx+03h]	1_2_00845F40

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: absoulpushx.life/QZwszc
Source: Malware configuration extractor	URLs: begindecafer.world/QwdZdf
Source: Malware configuration extractor	URLs: garagedrootz.top/oPsoJAN
Source: Malware configuration extractor	URLs: modelshiverd.icu/bJhnsj
Source: Malware configuration extractor	URLs: arisechairedd.shop/JnsHY
Source: Malware configuration extractor	URLs: catterjur.run/boSnzhu
Source: Malware configuration extractor	URLs: orangemyther.live/IozZ
Source: Malware configuration extractor	URLs: fostinjec.today/LksNAz

Source: global traffic

TCP traffic: 192.168.2.6:56568 -> 162.159.36.2:53

Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com

Source: Joe Sandbox View

IP Address: 23.197.127.21 23.197.127.21

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49687 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49688 -> 23.197.127.21:443

Source: unknown	DNS traffic detected: query: garagedrootz.top replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: arisechairedd.shop replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: orangemyther.live replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: begindecafer.world replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: sterpickced.digital replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: absoulpushx.life replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: fostinjec.today replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: 56.163.245.4.in-addr.arpa replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: catterjur.run replaycode: Name error (3)
Source: unknown	DNS traffic detected: query: modelshiverd.icu replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com

Source: file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C4ee1dd1eefdeae17dcd8ab284b4c9b78; path=/; secure; HttpOnly; SameSite=Nonesessionid=3a4489118468f78cd67cd82c; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26244Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:50:14 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control] equals www.youtube.com (Youtube)
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C4ee1dd1eefdeae17dcd8ab284b4c9b78; path=/; secure; HttpOnly; SameSite=Nonesessionid=650833ed8936b9f08c727be3; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26244Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:50:11 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlE equals www.youtube.com (Youtube)
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: absoulpushx.life
Source: global traffic	DNS traffic detected: DNS query: begindecafer.world
Source: global traffic	DNS traffic detected: DNS query: garagedrootz.top
Source: global traffic	DNS traffic detected: DNS query: modelshiverd.icu
Source: global traffic	DNS traffic detected: DNS query: arisechairedd.shop
Source: global traffic	DNS traffic detected: DNS query: catterjur.run
Source: global traffic	DNS traffic detected: DNS query: orangemyther.live
Source: global traffic	DNS traffic detected: DNS query: fostinjec.today
Source: global traffic	DNS traffic detected: DNS query: sterpickced.digital
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: 56.163.245.4.in-addr.arpa

Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&a
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=jfdbROVe
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xC
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386910629.0000000001153000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000001.00000003.1367610987.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1387114438.000000000118A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/e
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337644084.0000000001153000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamloopback.host
Source: file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338759973.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000001.00000003.1337644084.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367610987.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338759973.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
Source: file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000001.00000003.1367465394.000000000114D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337644084.000000000114D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49687
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443

Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.6:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.6:49688 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082E660	1_2_0082E660
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082D780	1_2_0082D780
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00869775	1_2_00869775
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082DA3A	1_2_0082DA3A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00936082	1_2_00936082
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086C0A0	1_2_0086C0A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0083E0AC	1_2_0083E0AC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008500B0	1_2_008500B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EC0C9	1_2_008EC0C9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009520F2	1_2_009520F2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009200FB	1_2_009200FB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C40FD	1_2_008C40FD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090E0E6	1_2_0090E0E6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093A03E	1_2_0093A03E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C2049	1_2_008C2049
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089C04E	1_2_0089C04E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091404F	1_2_0091404F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FE06B	1_2_008FE06B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091E07F	1_2_0091E07F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0095006E	1_2_0095006E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A2074	1_2_008A2074
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CE073	1_2_008CE073
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00840180	1_2_00840180
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A618E	1_2_008A618E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008901C9	1_2_008901C9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F01CF	1_2_008F01CF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F41C1	1_2_008F41C1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008561D8	1_2_008561D8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090C1FD	1_2_0090C1FD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00852120	1_2_00852120
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091C17A	1_2_0091C17A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B8167	1_2_008B8167
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F217C	1_2_008F217C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0085617E	1_2_0085617E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A0174	1_2_008A0174
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094416B	1_2_0094416B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DE294	1_2_008DE294
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009382B2	1_2_009382B2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EA2A1	1_2_008EA2A1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FE2B3	1_2_008FE2B3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E22B1	1_2_008E22B1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BC2CA	1_2_008BC2CA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0083E2C6	1_2_0083E2C6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009162D6	1_2_009162D6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009FC2D6	1_2_009FC2D6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092C2D9	1_2_0092C2D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E82DB	1_2_008E82DB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009462F4	1_2_009462F4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093E2FF	1_2_0093E2FF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008562F9	1_2_008562F9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B020F	1_2_008B020F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00936214	1_2_00936214
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DC22F	1_2_008DC22F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F8222	1_2_008F8222
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00868240	1_2_00868240
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093A25E	1_2_0093A25E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DA25F	1_2_008DA25F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AC25E	1_2_008AC25E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B425D	1_2_008B425D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D226F	1_2_008D226F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F627E	1_2_008F627E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082A390	1_2_0082A390
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CE391	1_2_008CE391
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E63B8	1_2_008E63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009403A3	1_2_009403A3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008943C8	1_2_008943C8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094C3DD	1_2_0094C3DD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089E3DA	1_2_0089E3DA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D43E5	1_2_008D43E5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009723EE	1_2_009723EE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00908319	1_2_00908319
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00836312	1_2_00836312
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086C320	1_2_0086C320
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092A32A	1_2_0092A32A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093235D	1_2_0093235D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C835C	1_2_008C835C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089836B	1_2_0089836B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00924375	1_2_00924375
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AE367	1_2_008AE367
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FA37A	1_2_008FA37A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009EC368	1_2_009EC368
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094E49C	1_2_0094E49C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D8495	1_2_008D8495
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009224A9	1_2_009224A9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092E4E9	1_2_0092E4E9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093041B	1_2_0093041B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090641D	1_2_0090641D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091E403	1_2_0091E403
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A4419	1_2_008A4419
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00942407	1_2_00942407
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AA410	1_2_008AA410
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EC42F	1_2_008EC42F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0083A430	1_2_0083A430
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CC441	1_2_008CC441
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BE45D	1_2_008BE45D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090A47C	1_2_0090A47C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082C470	1_2_0082C470
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C6587	1_2_008C6587
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00840589	1_2_00840589
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C4598	1_2_008C4598
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DE59B	1_2_008DE59B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091C588	1_2_0091C588
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0085E5A0	1_2_0085E5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EC5A6	1_2_008EC5A6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009525BA	1_2_009525BA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D65BE	1_2_008D65BE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008445B0	1_2_008445B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AC5BF	1_2_008AC5BF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A05BC	1_2_008A05BC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009365D3	1_2_009365D3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009205D4	1_2_009205D4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E25DB	1_2_008E25DB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089C5DF	1_2_0089C5DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0085C530	1_2_0085C530
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F4531	1_2_008F4531
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090E52F	1_2_0090E52F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00944557	1_2_00944557
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00852540	1_2_00852540
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00912556	1_2_00912556
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EE544	1_2_008EE544
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E655F	1_2_008E655F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00918545	1_2_00918545
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009C4542	1_2_009C4542
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B0566	1_2_008B0566
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00898680	1_2_00898680
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094668C	1_2_0094668C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B2690	1_2_008B2690
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009026B5	1_2_009026B5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E06A6	1_2_008E06A6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DC6C8	1_2_008DC6C8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009426DF	1_2_009426DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009266CB	1_2_009266CB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009586FD	1_2_009586FD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C261F	1_2_008C261F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F861C	1_2_008F861C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A8623	1_2_008A8623
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093A642	1_2_0093A642
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00850650	1_2_00850650
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B8655	1_2_008B8655
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086266C	1_2_0086266C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00850670	1_2_00850670
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FA675	1_2_008FA675
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F2789	1_2_008F2789
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00822790	1_2_00822790
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FE7AD	1_2_008FE7AD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E87A3	1_2_008E87A3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092A7A6	1_2_0092A7A6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009167A6	1_2_009167A6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009547D7	1_2_009547D7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009407D9	1_2_009407D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089E7DF	1_2_0089E7DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089A7DE	1_2_0089A7DE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C87E2	1_2_008C87E2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AA7FA	1_2_008AA7FA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A07FB	1_2_008A07FB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BE7FF	1_2_008BE7FF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091A7E7	1_2_0091A7E7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00918717	1_2_00918717
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EA729	1_2_008EA729
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00906740	1_2_00906740
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00864750	1_2_00864750
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00948742	1_2_00948742
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DA769	1_2_008DA769
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088E767	1_2_0088E767
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C0772	1_2_008C0772
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086A88E	1_2_0086A88E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BC898	1_2_008BC898
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EE899	1_2_008EE899
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C08BC	1_2_008C08BC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086C8C0	1_2_0086C8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F28DF	1_2_008F28DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009328C1	1_2_009328C1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B48D8	1_2_008B48D8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094E8F5	1_2_0094E8F5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009308E2	1_2_009308E2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091E8E5	1_2_0091E8E5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00824802	1_2_00824802
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00844860	1_2_00844860
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A487E	1_2_008A487E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CE871	1_2_008CE871
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B6982	1_2_008B6982
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C2987	1_2_008C2987
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009249B8	1_2_009249B8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008469B4	1_2_008469B4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090E9AD	1_2_0090E9AD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009049D1	1_2_009049D1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AE9C7	1_2_008AE9C7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009509C6	1_2_009509C6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009C09FE	1_2_009C09FE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B09E3	1_2_008B09E3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D89E2	1_2_008D89E2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0095A9E8	1_2_0095A9E8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00848900	1_2_00848900
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093E91A	1_2_0093E91A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E2939	1_2_008E2939
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009F6921	1_2_009F6921
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D095D	1_2_008D095D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A8958	1_2_008A8958
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00850962	1_2_00850962
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F497E	1_2_008F497E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00920963	1_2_00920963
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DE978	1_2_008DE978
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D4A87	1_2_008D4A87
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00920AA2	1_2_00920AA2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00858AC0	1_2_00858AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00900AC5	1_2_00900AC5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00856AE5	1_2_00856AE5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A6AF9	1_2_008A6AF9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CAA0F	1_2_008CAA0F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DCA07	1_2_008DCA07
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B8A00	1_2_008B8A00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F2A17	1_2_008F2A17
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FEA2E	1_2_008FEA2E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00956A34	1_2_00956A34
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092EA3E	1_2_0092EA3E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00928A3D	1_2_00928A3D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00944A25	1_2_00944A25
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00902A58	1_2_00902A58
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E6A5E	1_2_008E6A5E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00952A4A	1_2_00952A4A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00938A6C	1_2_00938A6C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00948B90	1_2_00948B90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00930B9C	1_2_00930B9C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094EBBB	1_2_0094EBBB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0084CBB0	1_2_0084CBB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089EBB6	1_2_0089EBB6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082CBD0	1_2_0082CBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094ABFE	1_2_0094ABFE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CEBF8	1_2_008CEBF8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00954B18	1_2_00954B18
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FAB01	1_2_008FAB01
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00958B1B	1_2_00958B1B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DAB14	1_2_008DAB14
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FCB15	1_2_008FCB15
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00828B20	1_2_00828B20
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DCB26	1_2_008DCB26
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E0B30	1_2_008E0B30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00908B52	1_2_00908B52
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00840B40	1_2_00840B40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093CB5D	1_2_0093CB5D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00822B50	1_2_00822B50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00896B55	1_2_00896B55
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F4B50	1_2_008F4B50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00864B60	1_2_00864B60
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C6B65	1_2_008C6B65
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086CC80	1_2_0086CC80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F0C83	1_2_008F0C83
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E8CAE	1_2_008E8CAE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CCCB4	1_2_008CCCB4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E2CDB	1_2_008E2CDB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092ACCB	1_2_0092ACCB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C0CD0	1_2_008C0CD0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BCCFE	1_2_008BCCFE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00892C14	1_2_00892C14
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C8C24	1_2_008C8C24
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C4C3C	1_2_008C4C3C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089AC3D	1_2_0089AC3D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00914C45	1_2_00914C45
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00926C46	1_2_00926C46
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00894C66	1_2_00894C66
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00940C7B	1_2_00940C7B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091AC69	1_2_0091AC69
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00922D81	1_2_00922D81
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D6D99	1_2_008D6D99
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CADAE	1_2_008CADAE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F8DC7	1_2_008F8DC7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E6DDD	1_2_008E6DDD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D8DD4	1_2_008D8DD4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DCDD3	1_2_008DCDD3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AEDEA	1_2_008AEDEA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009F4DFB	1_2_009F4DFB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00930DF4	1_2_00930DF4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093EDE2	1_2_0093EDE2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F2DF8	1_2_008F2DF8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A8D00	1_2_008A8D00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D2D10	1_2_008D2D10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090ED28	1_2_0090ED28
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090AD51	1_2_0090AD51
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0083CD45	1_2_0083CD45
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00952D75	1_2_00952D75
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00944D7C	1_2_00944D7C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BED73	1_2_008BED73
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00896E99	1_2_00896E99
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D4EBD	1_2_008D4EBD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DAED5	1_2_008DAED5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F6ED3	1_2_008F6ED3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092AEF1	1_2_0092AEF1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FEEE7	1_2_008FEEE7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0083EEFE	1_2_0083EEFE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00906E15	1_2_00906E15
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00924E1A	1_2_00924E1A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00928E19	1_2_00928E19
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00890E19	1_2_00890E19
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EAE16	1_2_008EAE16
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091EE37	1_2_0091EE37
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B6E27	1_2_008B6E27
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00954E5C	1_2_00954E5C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BAE52	1_2_008BAE52
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00908E4B	1_2_00908E4B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B0E69	1_2_008B0E69
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00946E65	1_2_00946E65
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E0F86	1_2_008E0F86
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093CF98	1_2_0093CF98
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00942F85	1_2_00942F85
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00836F90	1_2_00836F90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00910F87	1_2_00910F87
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00926FA6	1_2_00926FA6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00900FDD	1_2_00900FDD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00930FDD	1_2_00930FDD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008ECFDF	1_2_008ECFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CEFEC	1_2_008CEFEC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092EFF4	1_2_0092EFF4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00958FFF	1_2_00958FFF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00862FF0	1_2_00862FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094AFE2	1_2_0094AFE2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A0F21	1_2_008A0F21
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FAF35	1_2_008FAF35
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0095CF29	1_2_0095CF29
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093AF4D	1_2_0093AF4D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AAF78	1_2_008AAF78
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C5084	1_2_008C5084
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008930AB	1_2_008930AB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009490B3	1_2_009490B3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009510AD	1_2_009510AD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086D0C0	1_2_0086D0C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D30C4	1_2_008D30C4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A90C6	1_2_008A90C6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F10DF	1_2_008F10DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B50D9	1_2_008B50D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009430F5	1_2_009430F5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008690EF	1_2_008690EF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00827006	1_2_00827006
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094F012	1_2_0094F012
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089902E	1_2_0089902E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00829030	1_2_00829030
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00821040	1_2_00821040
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F704A	1_2_008F704A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F5069	1_2_008F5069
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093507F	1_2_0093507F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00921190	1_2_00921190
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089F186	1_2_0089F186
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A519E	1_2_008A519E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00919186	1_2_00919186
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C3191	1_2_008C3191
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009091B0	1_2_009091B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089B1BB	1_2_0089B1BB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009E71DE	1_2_009E71DE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CB1CE	1_2_008CB1CE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008511DA	1_2_008511DA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E71FE	1_2_008E71FE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C51F2	1_2_008C51F2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E9105	1_2_008E9105
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00917157	1_2_00917157
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BF146	1_2_008BF146
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B9144	1_2_008B9144
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090F144	1_2_0090F144
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088F156	1_2_0088F156
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00865160	1_2_00865160
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DD16B	1_2_008DD16B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00907177	1_2_00907177
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00945173	1_2_00945173
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C728E	1_2_008C728E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F9284	1_2_008F9284
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00903282	1_2_00903282
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008492A0	1_2_008492A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E12BF	1_2_008E12BF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009572A1	1_2_009572A1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EB2B2	1_2_008EB2B2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009272AE	1_2_009272AE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F32B2	1_2_008F32B2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082D2F0	1_2_0082D2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008912FA	1_2_008912FA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009252E7	1_2_009252E7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DF2FA	1_2_008DF2FA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BB2F1	1_2_008BB2F1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FB203	1_2_008FB203
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D1222	1_2_008D1222
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0085B238	1_2_0085B238
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094725F	1_2_0094725F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00863250	1_2_00863250
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091F27A	1_2_0091F27A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00937386	1_2_00937386
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00865390	1_2_00865390
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009473BC	1_2_009473BC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093D3A5	1_2_0093D3A5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092F3D9	1_2_0092F3D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008573CB	1_2_008573CB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009453DA	1_2_009453DA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094F3DB	1_2_0094F3DB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009133C4	1_2_009133C4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FD3EF	1_2_008FD3EF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094B3F8	1_2_0094B3F8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009113E0	1_2_009113E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093B3EB	1_2_0093B3EB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0083D315	1_2_0083D315
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F7329	1_2_008F7329
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0084D32F	1_2_0084D32F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A334E	1_2_008A334E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093935F	1_2_0093935F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E5358	1_2_008E5358
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D137A	1_2_008D137A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00901499	1_2_00901499
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093F4A7	1_2_0093F4A7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E94D9	1_2_008E94D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F54D7	1_2_008F54D7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A54E5	1_2_008A54E5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009074EC	1_2_009074EC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091D411	1_2_0091D411
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B7409	1_2_008B7409
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090D416	1_2_0090D416
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B3407	1_2_008B3407
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091B401	1_2_0091B401
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00929408	1_2_00929408
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009F1404	1_2_009F1404
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00931452	1_2_00931452
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00855440	1_2_00855440
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008FB456	1_2_008FB456
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00943479	1_2_00943479
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00823580	1_2_00823580
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0082B590	1_2_0082B590
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AD593	1_2_008AD593
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008295B0	1_2_008295B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CD5B8	1_2_008CD5B8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009175AB	1_2_009175AB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009195C2	1_2_009195C2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092B5CE	1_2_0092B5CE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009095F3	1_2_009095F3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BF5E1	1_2_008BF5E1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008EF5E1	1_2_008EF5E1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008355F6	1_2_008355F6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CB5FB	1_2_008CB5FB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088D5F6	1_2_0088D5F6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094951A	1_2_0094951A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089F521	1_2_0089F521
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00959543	1_2_00959543
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B9555	1_2_008B9555
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B156F	1_2_008B156F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00895579	1_2_00895579
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094156D	1_2_0094156D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089B575	1_2_0089B575
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0085357B	1_2_0085357B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086B680	1_2_0086B680
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090369E	1_2_0090369E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F5699	1_2_008F5699
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008ED696	1_2_008ED696
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0095568C	1_2_0095568C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D56A3	1_2_008D56A3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008916B1	1_2_008916B1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008676C0	1_2_008676C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009056F1	1_2_009056F1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008BD6E3	1_2_008BD6E3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009136FA	1_2_009136FA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009356E4	1_2_009356E4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A9600	1_2_008A9600
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008D963D	1_2_008D963D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F163B	1_2_008F163B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A1658	1_2_008A1658
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0090F646	1_2_0090F646
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F966F	1_2_008F966F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DD66A	1_2_008DD66A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008AB66D	1_2_008AB66D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091B791	1_2_0091B791
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0086B790	1_2_0086B790
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008C57DA	1_2_008C57DA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A7713	1_2_008A7713
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008B572B	1_2_008B572B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008DF72C	1_2_008DF72C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00923725	1_2_00923725
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F7734	1_2_008F7734
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00865747	1_2_00865747
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092575A	1_2_0092575A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0084F760	1_2_0084F760
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00927763	1_2_00927763
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094D88A	1_2_0094D88A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008518B6	1_2_008518B6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094B8A3	1_2_0094B8A3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009398AF	1_2_009398AF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009F98DF	1_2_009F98DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008638C0	1_2_008638C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009158D9	1_2_009158D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009E38D4	1_2_009E38D4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092F8D9	1_2_0092F8D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009318DF	1_2_009318DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009058C7	1_2_009058C7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008F18E3	1_2_008F18E3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009378E3	1_2_009378E3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008CF8FE	1_2_008CF8FE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089F803	1_2_0089F803
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E5818	1_2_008E5818
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00831822	1_2_00831822
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0093B828	1_2_0093B828
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008A384D	1_2_008A384D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0084D850	1_2_0084D850
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091D84B	1_2_0091D84B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008E986D	1_2_008E986D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0089B864	1_2_0089B864
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0094F864	1_2_0094F864
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0092D868	1_2_0092D868
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00909982	1_2_00909982
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00949982	1_2_00949982

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0083A420 appears 110 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0082B380 appears 47 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: nxxmaptf ZLIB complexity 0.9946442347988418

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@12/1

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00858AC0 CoCreateInstance,

1_2_00858AC0

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	Virustotal: Detection: 57%
Source: file.exe	ReversingLabs: Detection: 57%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 2084352 > 1048576

Source: file.exe

Static PE information: Raw size of nxxmaptf is bigger than: 0x100000 < 0x19a200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 1.2.file.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nxxmaptf:EW;gppvohye:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nxxmaptf:EW;gppvohye:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x209039 should be: 0x20bd43

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: nxxmaptf
Source: file.exe	Static PE information: section name: gppvohye
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00888085 push ecx; mov dword ptr [esp], edi	1_2_00888086
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00888085 push esi; mov dword ptr [esp], ecx	1_2_0088958B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A880B5 push 6F50D300h; mov dword ptr [esp], eax	1_2_00A880C3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088601C push edx; mov dword ptr [esp], edi	1_2_008860F1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A6600B push 0B329AB5h; mov dword ptr [esp], esi	1_2_00A6602B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088A03A push ebx; mov dword ptr [esp], edx	1_2_0088BCC5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088A03A push 30916FC4h; mov dword ptr [esp], ebp	1_2_0088BCDF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088404A push 2E1CF851h; mov dword ptr [esp], ebx	1_2_0088421A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088404A push 28132762h; mov dword ptr [esp], edx	1_2_00884492
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00888192 push ebp; mov dword ptr [esp], edi	1_2_0088A3B5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008861A8 push 13188A68h; mov dword ptr [esp], esi	1_2_008861AD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008861B5 push 540011AFh; mov dword ptr [esp], ebp	1_2_00886523
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008861CD push ebp; mov dword ptr [esp], edi	1_2_00886BBA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A481FA push 25C004A1h; mov dword ptr [esp], esi	1_2_00A48202
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008881D6 push esi; mov dword ptr [esp], edx	1_2_00889730
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A8E1C5 push edx; mov dword ptr [esp], 00078C80h	1_2_00A8E1CA
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A8E1C5 push ecx; mov dword ptr [esp], eax	1_2_00A8E220
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A8E1C5 push ecx; mov dword ptr [esp], ebp	1_2_00A8E2BC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_009321FD push ebp; mov dword ptr [esp], ecx	1_2_009322A1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008861F1 push ebx; mov dword ptr [esp], 44588EE9h	1_2_00886E02
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_008861F1 push eax; mov dword ptr [esp], ebx	1_2_00886E56
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A9C127 push 4DA1D7E9h; mov dword ptr [esp], eax	1_2_00A9C1DE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00886119 push 465ADCA5h; mov dword ptr [esp], esi	1_2_00886496
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091613B push edx; mov dword ptr [esp], eax	1_2_00916157
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0091613B push 1C75E1A1h; mov dword ptr [esp], eax	1_2_009161A1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088613F push ebx; mov dword ptr [esp], 5FC285CBh	1_2_0088615C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088613F push esi; mov dword ptr [esp], 1534BA13h	1_2_00886D44
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A6611F push ebp; mov dword ptr [esp], eax	1_2_00A66159
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00A6611F push 3C9DA8DFh; mov dword ptr [esp], ecx	1_2_00A661B7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088814C push ebp; mov dword ptr [esp], esi	1_2_0088B424
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_0088417E push ebx; mov dword ptr [esp], edi	1_2_00884292

Source: file.exe	Static PE information: section name: entropy: 7.197290699143149
Source: file.exe	Static PE information: section name: nxxmaptf entropy: 7.954962903371687

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 886015 second address: 886032 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 886032 second address: 88603D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9868E9DF06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A003ED second address: A003F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF658 second address: 9FF65C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF65C second address: 9FF6B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA869Eh 0x00000007 jng 00007F9868EA8696h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 jmp 00007F9868EA869Dh 0x00000015 jmp 00007F9868EA869Dh 0x0000001a pop esi 0x0000001b jmp 00007F9868EA86A8h 0x00000020 jmp 00007F9868EA869Bh 0x00000025 popad 0x00000026 pushad 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF6B8 second address: 9FF6C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9868E9DF06h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF6C7 second address: 9FF6CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF6CB second address: 9FF6D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF6D1 second address: 9FF6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9868EA86A8h 0x0000000d jnc 00007F9868EA8696h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF9C9 second address: 9FF9CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF9CF second address: 9FF9D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF9D5 second address: 9FF9DA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FF9DA second address: 9FF9E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03769 second address: A0376D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03800 second address: A03804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03804 second address: A03808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03808 second address: A03811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03811 second address: A03861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 add dword ptr [esp], 7646FE74h 0x0000000d mov ecx, 7E062B26h 0x00000012 push 00000003h 0x00000014 mov ecx, dword ptr [ebp+122D28F1h] 0x0000001a push 00000000h 0x0000001c stc 0x0000001d push 00000003h 0x0000001f jmp 00007F9868E9DF18h 0x00000024 stc 0x00000025 call 00007F9868E9DF09h 0x0000002a ja 00007F9868E9DF14h 0x00000030 pushad 0x00000031 je 00007F9868E9DF06h 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03861 second address: A038BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jo 00007F9868EA86AFh 0x0000000c jmp 00007F9868EA86A9h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push edx 0x00000016 jmp 00007F9868EA86A1h 0x0000001b pop edx 0x0000001c mov eax, dword ptr [eax] 0x0000001e push edx 0x0000001f push eax 0x00000020 pushad 0x00000021 popad 0x00000022 pop eax 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 push eax 0x00000029 push edx 0x0000002a jns 00007F9868EA86A0h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A038BB second address: A038E6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007F9868E9DF06h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov ecx, 490B3EF1h 0x00000012 lea ebx, dword ptr [ebp+12451521h] 0x00000018 and edi, dword ptr [ebp+122D29EDh] 0x0000001e xchg eax, ebx 0x0000001f pushad 0x00000020 push ebx 0x00000021 jno 00007F9868E9DF06h 0x00000027 pop ebx 0x00000028 push ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A038E6 second address: A038F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03946 second address: A039BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F9868E9DF12h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9868E9DF14h 0x00000016 pop edx 0x00000017 nop 0x00000018 ja 00007F9868E9DF06h 0x0000001e push 00000000h 0x00000020 add dword ptr [ebp+122D30C2h], eax 0x00000026 call 00007F9868E9DF09h 0x0000002b pushad 0x0000002c push esi 0x0000002d jmp 00007F9868E9DF10h 0x00000032 pop esi 0x00000033 pushad 0x00000034 jbe 00007F9868E9DF06h 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A039BB second address: A039F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jl 00007F9868EA86A5h 0x0000000d jmp 00007F9868EA869Fh 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 pushad 0x00000017 push edi 0x00000018 jmp 00007F9868EA86A8h 0x0000001d pop edi 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A039F9 second address: A03A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push ecx 0x00000009 ja 00007F9868E9DF1Dh 0x0000000f jmp 00007F9868E9DF17h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push edx 0x0000001a jmp 00007F9868E9DF13h 0x0000001f pop edx 0x00000020 pop eax 0x00000021 mov dword ptr [ebp+122D37C9h], edi 0x00000027 push 00000003h 0x00000029 push 00000000h 0x0000002b push ebp 0x0000002c call 00007F9868E9DF08h 0x00000031 pop ebp 0x00000032 mov dword ptr [esp+04h], ebp 0x00000036 add dword ptr [esp+04h], 00000014h 0x0000003e inc ebp 0x0000003f push ebp 0x00000040 ret 0x00000041 pop ebp 0x00000042 ret 0x00000043 call 00007F9868E9DF12h 0x00000048 jmp 00007F9868E9DF0Ah 0x0000004d pop ecx 0x0000004e push 00000000h 0x00000050 push edx 0x00000051 add dword ptr [ebp+122D2388h], edi 0x00000057 pop ecx 0x00000058 push 00000003h 0x0000005a clc 0x0000005b call 00007F9868E9DF09h 0x00000060 jo 00007F9868E9DF12h 0x00000066 jbe 00007F9868E9DF0Ch 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03A9F second address: A03AA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push esi 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03AA8 second address: A03B26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edx 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 mov eax, dword ptr [eax] 0x00000012 jmp 00007F9868E9DF0Bh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c jo 00007F9868E9DF08h 0x00000022 push edx 0x00000023 pop edx 0x00000024 push edx 0x00000025 jmp 00007F9868E9DF17h 0x0000002a pop edx 0x0000002b popad 0x0000002c pop eax 0x0000002d pushad 0x0000002e jmp 00007F9868E9DF13h 0x00000033 sub dword ptr [ebp+122D2812h], ecx 0x00000039 popad 0x0000003a lea ebx, dword ptr [ebp+1245152Ch] 0x00000040 mov dx, bx 0x00000043 xchg eax, ebx 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F9868E9DF11h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A03B26 second address: A03B34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F9868EA8696h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A15538 second address: A1554D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1554D second address: A15560 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9868EA869Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23F13 second address: A23F17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F5EF3 second address: 9F5F37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnp 00007F9868EA8696h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pushad 0x00000019 jns 00007F9868EA8696h 0x0000001f jmp 00007F9868EA86A3h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21E2B second address: A21E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21E34 second address: A21E38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21E38 second address: A21E67 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9868E9DF06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F9868E9DF19h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21E67 second address: A21E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21E6F second address: A21E85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F9868E9DF11h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A21E85 second address: A21E95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9868EA869Ah 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2268B second address: A226AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F9868E9DF17h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A226AB second address: A226B1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A226B1 second address: A226BB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9868E9DF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22AB9 second address: A22ABD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22D3C second address: A22D40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22D40 second address: A22D62 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9868EA8696h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9868EA86A4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A22D62 second address: A22D66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1A798 second address: A1A7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9868EA86A9h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23059 second address: A23061 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23061 second address: A2306C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F9868EA8696h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23651 second address: A23655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23655 second address: A2366A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F9868EA869Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23956 second address: A23979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop edi 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F9868E9DF14h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23979 second address: A2398C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F9868EA8696h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A23AE9 second address: A23AED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A26210 second address: A2621A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F9868EA8696h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2621A second address: A26224 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9868E9DF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A0F2 second address: A2A0F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A289F0 second address: A289F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A291B4 second address: A291BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A315 second address: A2A319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A319 second address: A2A327 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9868EA8696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A327 second address: A2A32B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A32B second address: A2A34B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b js 00007F9868EA8696h 0x00000011 jmp 00007F9868EA869Eh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A34B second address: A2A351 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A351 second address: A2A367 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9868EA8696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A367 second address: A2A36D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2A36D second address: A2A380 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F9868EA8696h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EBE24 second address: 9EBE37 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9868E9DF06h 0x00000008 ja 00007F9868E9DF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E7CF second address: A2E7D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2E7D3 second address: A2E7F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868E9DF0Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F9868E9DF0Ch 0x00000011 jng 00007F9868E9DF06h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2EC8D second address: A2ECC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jp 00007F9868EA869Eh 0x0000000b push esi 0x0000000c jmp 00007F9868EA869Eh 0x00000011 jmp 00007F9868EA869Fh 0x00000016 pop esi 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9EBE49 second address: 9EBE4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F112 second address: A2F118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F118 second address: A2F11C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F11C second address: A2F12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F12A second address: A2F142 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868E9DF13h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F142 second address: A2F156 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9868EA869Ah 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F9868EA8696h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A2F2A5 second address: A2F2A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A324F7 second address: A3258F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 add dword ptr [esp], 52E5FA32h 0x0000000c mov esi, dword ptr [ebp+122D2A15h] 0x00000012 call 00007F9868EA8699h 0x00000017 pushad 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b jmp 00007F9868EA869Ch 0x00000020 popad 0x00000021 push ecx 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 pop ecx 0x00000025 popad 0x00000026 push eax 0x00000027 pushad 0x00000028 jng 00007F9868EA8698h 0x0000002e pushad 0x0000002f popad 0x00000030 jmp 00007F9868EA86A8h 0x00000035 popad 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a jns 00007F9868EA86A4h 0x00000040 mov eax, dword ptr [eax] 0x00000042 jp 00007F9868EA86B2h 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c pushad 0x0000004d push ecx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32A1C second address: A32A21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32C49 second address: A32C4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A330FB second address: A33101 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33101 second address: A33106 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33106 second address: A3312A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9868E9DF18h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3312A second address: A33130 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33130 second address: A3314E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push esi 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebx 0x0000000b sbb esi, 3AD2706Bh 0x00000011 mov esi, dword ptr [ebp+122D2BB9h] 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3314E second address: A33152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33152 second address: A33158 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33158 second address: A33170 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9868EA86A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33333 second address: A33339 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A33339 second address: A33347 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A335FE second address: A33610 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A336DE second address: A336F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A34784 second address: A34798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F9868E9DF06h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A362B4 second address: A362BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A362BC second address: A362C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A362C0 second address: A36324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dword ptr [ebp+122D37CFh], ecx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F9868EA8698h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c mov esi, dword ptr [ebp+12463022h] 0x00000032 jmp 00007F9868EA86A9h 0x00000037 push 00000000h 0x00000039 mov esi, dword ptr [ebp+122D2921h] 0x0000003f xchg eax, ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 jnc 00007F9868EA8698h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36324 second address: A3633A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9868E9DF0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3633A second address: A36341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36341 second address: A36347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36347 second address: A3634B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A377D6 second address: A377DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A36AAA second address: A36AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A377DA second address: A377DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A377DE second address: A377E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3825A second address: A3825F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3825F second address: A382DE instructions: 0x00000000 rdtsc 0x00000002 js 00007F9868EA8698h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F9868EA8698h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+1245B64Eh], edx 0x0000002d or edi, dword ptr [ebp+122D294Dh] 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007F9868EA8698h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f mov si, FB17h 0x00000053 push 00000000h 0x00000055 sbb esi, 40E39976h 0x0000005b xchg eax, ebx 0x0000005c pushad 0x0000005d push ecx 0x0000005e jmp 00007F9868EA869Ch 0x00000063 pop ecx 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38D05 second address: A38D2C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9868E9DF08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F9868E9DF18h 0x00000013 jmp 00007F9868E9DF12h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A38D2C second address: A38D33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B3BD second address: A3B425 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9868E9DF06h 0x0000000a popad 0x0000000b pop edi 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F9868E9DF08h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 pushad 0x00000028 clc 0x00000029 popad 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D310Eh], edx 0x00000032 xor bx, E8ECh 0x00000037 push 00000000h 0x00000039 add edi, dword ptr [ebp+122D2754h] 0x0000003f xchg eax, esi 0x00000040 jbe 00007F9868E9DF14h 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push edx 0x0000004a jmp 00007F9868E9DF0Ch 0x0000004f pop edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F377 second address: A3F37B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4028A second address: A40294 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9868E9DF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40294 second address: A402A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A402A1 second address: A40320 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F9868E9DF08h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov dword ptr [ebp+12459D99h], ecx 0x0000002a push 00000000h 0x0000002c xor ebx, dword ptr [ebp+122D2E68h] 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007F9868E9DF08h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Ah 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F9868E9DF11h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A412CE second address: A4132E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F9868EA8698h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov dword ptr [ebp+124501A9h], ecx 0x0000002a push 00000000h 0x0000002c xor edi, dword ptr [ebp+122D2B19h] 0x00000032 push 00000000h 0x00000034 mov bh, 6Fh 0x00000036 xchg eax, esi 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F9868EA86A1h 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4132E second address: A4133D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4232D second address: A42333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42333 second address: A42337 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A42337 second address: A42366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jns 00007F9868EA8697h 0x00000011 cld 0x00000012 movsx ebx, di 0x00000015 push 00000000h 0x00000017 jc 00007F9868EA8699h 0x0000001d push 00000000h 0x0000001f mov dword ptr [ebp+122D1A58h], esi 0x00000025 push eax 0x00000026 pushad 0x00000027 pushad 0x00000028 push ecx 0x00000029 pop ecx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C4B1 second address: A3C4B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C4B5 second address: A3C4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4321A second address: A43286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 jp 00007F9868E9DF14h 0x0000000c nop 0x0000000d je 00007F9868E9DF12h 0x00000013 je 00007F9868E9DF0Ch 0x00000019 mov dword ptr [ebp+122D24DFh], eax 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ecx 0x00000024 call 00007F9868E9DF08h 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], ecx 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc ecx 0x00000037 push ecx 0x00000038 ret 0x00000039 pop ecx 0x0000003a ret 0x0000003b jg 00007F9868E9DF0Bh 0x00000041 push 00000000h 0x00000043 or ebx, dword ptr [ebp+122D28D1h] 0x00000049 xchg eax, esi 0x0000004a pushad 0x0000004b pushad 0x0000004c push ebx 0x0000004d pop ebx 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C4BB second address: A3C534 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA869Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov di, 6FEBh 0x00000010 push dword ptr fs:[00000000h] 0x00000017 or dword ptr [ebp+122D2D7Ah], edi 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007F9868EA8698h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 0000001Ah 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e push eax 0x0000003f pop edi 0x00000040 mov eax, dword ptr [ebp+122D0C89h] 0x00000046 movsx ebx, ax 0x00000049 push FFFFFFFFh 0x0000004b mov dword ptr [ebp+1246EF30h], eax 0x00000051 nop 0x00000052 jmp 00007F9868EA86A2h 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C534 second address: A3C53B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3C53B second address: A3C545 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9868EA869Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A44170 second address: A44174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A44174 second address: A4417A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4417A second address: A441A1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F9868E9DF17h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jl 00007F9868E9DF0Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A441A1 second address: A441A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B588 second address: A3B58E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B58E second address: A3B592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B592 second address: A3B596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B63F second address: A3B658 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3F5B5 second address: A3F5CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F9868E9DF08h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F9868E9DF08h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A45FF9 second address: A45FFF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3B658 second address: A3B65D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A45FFF second address: A4608B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jl 00007F9868EA8696h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F9868EA86A0h 0x00000013 pushad 0x00000014 jmp 00007F9868EA869Fh 0x00000019 jmp 00007F9868EA869Eh 0x0000001e popad 0x0000001f popad 0x00000020 nop 0x00000021 mov dword ptr [ebp+122D3806h], edi 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007F9868EA8698h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 00000014h 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 mov ebx, dword ptr [ebp+122D3089h] 0x00000049 mov ebx, dword ptr [ebp+122D2AB5h] 0x0000004f push 00000000h 0x00000051 or di, D764h 0x00000056 xchg eax, esi 0x00000057 pushad 0x00000058 jnp 00007F9868EA869Ch 0x0000005e jns 00007F9868EA8696h 0x00000064 jnp 00007F9868EA869Ch 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A40520 second address: A40524 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A487E4 second address: A487EE instructions: 0x00000000 rdtsc 0x00000002 js 00007F9868EA8696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A414CD second address: A41524 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a and edi, 226C55EFh 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e add dword ptr [ebp+122D2DCFh], edx 0x00000024 cmc 0x00000025 mov eax, dword ptr [ebp+122D064Dh] 0x0000002b movsx ebx, dx 0x0000002e xor ebx, dword ptr [ebp+122D2860h] 0x00000034 push FFFFFFFFh 0x00000036 sbb ebx, 1D925902h 0x0000003c mov di, FEDBh 0x00000040 nop 0x00000041 push eax 0x00000042 push edx 0x00000043 jo 00007F9868E9DF14h 0x00000049 jmp 00007F9868E9DF0Eh 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A41524 second address: A41529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A41529 second address: A41546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9868E9DF13h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A41546 second address: A4154B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4A6D6 second address: A4A6DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4A6DC second address: A4A73D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F9868EA8696h 0x00000009 jmp 00007F9868EA86A7h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 jnc 00007F9868EA8697h 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007F9868EA8698h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 00000015h 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 mov dword ptr [ebp+12478A81h], eax 0x0000003c push 00000000h 0x0000003e sub dword ptr [ebp+122D2754h], esi 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 push esi 0x00000049 pop esi 0x0000004a pop ebx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A45319 second address: A4531D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A4531D second address: A45327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48990 second address: A48994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48994 second address: A489B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9868EA86A8h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A489B4 second address: A48A59 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F9868E9DF0Fh 0x0000000d nop 0x0000000e cmc 0x0000000f jnp 00007F9868E9DF0Ch 0x00000015 push dword ptr fs:[00000000h] 0x0000001c jp 00007F9868E9DF0Ch 0x00000022 add edi, 3B0822C1h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F9868E9DF08h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 jmp 00007F9868E9DF15h 0x0000004e mov eax, dword ptr [ebp+122D06BDh] 0x00000054 and ebx, 2FFB89EDh 0x0000005a push FFFFFFFFh 0x0000005c xor di, F3F6h 0x00000061 nop 0x00000062 jmp 00007F9868E9DF18h 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c push ebx 0x0000006d pop ebx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A48A59 second address: A48A5F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A49904 second address: A49908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9ED987 second address: 9ED991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A558A0 second address: A558CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF0Eh 0x00000007 jbe 00007F9868E9DF13h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A558CB second address: A558F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jns 00007F9868EA8696h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A558F2 second address: A558FC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9868E9DF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5B471 second address: A5B478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5B478 second address: A5B47D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5B5E7 second address: A5B5EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5B5EB second address: A5B5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FD9E second address: A5FDB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F9868EA86A3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A5FDB7 second address: A5FDBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A604CC second address: A604D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A604D3 second address: A604D8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6062F second address: A60633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60633 second address: A6063F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F9868E9DF06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6063F second address: A6064C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F9868EA8696h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A607B4 second address: A607BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A607BC second address: A607C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60A86 second address: A60A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A60A8A second address: A60A96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A66B08 second address: A66B14 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9868E9DF06h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A66B14 second address: A66B1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A661FD second address: A66203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A66203 second address: A66250 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A6h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jmp 00007F9868EA869Fh 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d jns 00007F9868EA8696h 0x00000023 popad 0x00000024 jns 00007F9868EA869Eh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A665CB second address: A665F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF14h 0x00000007 jmp 00007F9868E9DF12h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A665F5 second address: A665FF instructions: 0x00000000 rdtsc 0x00000002 js 00007F9868EA869Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A9D0 second address: A6A9DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jns 00007F9868E9DF06h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6A9DF second address: A6AA05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F9868EA86ADh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F227 second address: A6F22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F22B second address: A6F22F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F36F second address: A6F373 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6F7C1 second address: A6F7D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9868EA869Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6FC5B second address: A6FC88 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9868E9DF06h 0x00000008 je 00007F9868E9DF06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jc 00007F9868E9DF06h 0x00000018 jmp 00007F9868E9DF15h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6FDDE second address: A6FDE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A701DD second address: A701E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A701E3 second address: A701E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1B312 second address: A1B316 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1B316 second address: A1B31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1B31C second address: A1B326 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F9868E9DF1Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A1B326 second address: A1B33E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868EA86A1h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FADD0 second address: 9FADD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FADD4 second address: 9FADDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FADDA second address: 9FADE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FADE4 second address: 9FADE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7060D second address: A70631 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F9868E9DF10h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9868E9DF0Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6EF71 second address: A6EF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9868EA8696h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A6EF7B second address: A6EF81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A754C7 second address: A754CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A754CC second address: A754D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A754D2 second address: A754ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868EA86A7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74341 second address: A7435B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push edi 0x00000007 jne 00007F9868E9DF06h 0x0000000d jnp 00007F9868E9DF06h 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7435B second address: A74364 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74364 second address: A74368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A30EBD second address: A30EC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A30EC4 second address: A1A798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F9868E9DF19h 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F9868E9DF08h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 or dword ptr [ebp+122D3766h], edi 0x0000002e call dword ptr [ebp+122D3027h] 0x00000034 jmp 00007F9868E9DF17h 0x00000039 pushad 0x0000003a push esi 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3138E second address: A31392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31392 second address: A313A0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31534 second address: A31538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31538 second address: A3153C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3153C second address: A31542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31542 second address: A3154C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F9868E9DF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3154C second address: A3156F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jno 00007F9868EA86A0h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3156F second address: A315AD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9868E9DF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9868E9DF17h 0x0000000f popad 0x00000010 pop eax 0x00000011 mov dword ptr [ebp+122D37C9h], esi 0x00000017 add edi, dword ptr [ebp+122D2BD1h] 0x0000001d push 23238E00h 0x00000022 push eax 0x00000023 push edx 0x00000024 push ebx 0x00000025 jng 00007F9868E9DF06h 0x0000002b pop ebx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A317C8 second address: A317CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A319F7 second address: A31A61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9868E9DF0Ah 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F9868E9DF08h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 pushad 0x00000029 mov eax, dword ptr [ebp+122D2A85h] 0x0000002f popad 0x00000030 push 00000004h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F9868E9DF08h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c mov ecx, edx 0x0000004e push eax 0x0000004f js 00007F9868E9DF12h 0x00000055 jc 00007F9868E9DF0Ch 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31DD5 second address: A31DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868EA869Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31DEA second address: A31DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3212A second address: A32130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A32130 second address: A32134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31503 second address: A31534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jo 00007F9868EA86A2h 0x0000000e jmp 00007F9868EA869Ch 0x00000013 jno 00007F9868EA869Ch 0x00000019 popad 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74B0A second address: A74B0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74D86 second address: A74D91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F9868EA8696h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74D91 second address: A74D97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74D97 second address: A74DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A74DA0 second address: A74DA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7504C second address: A75052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A75052 second address: A75077 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF11h 0x00000007 jp 00007F9868E9DF06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jns 00007F9868E9DF06h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A75077 second address: A750A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9868EA86A9h 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A750A8 second address: A750C2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9868E9DF0Ch 0x0000000d jno 00007F9868E9DF06h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A97A second address: A7A983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A983 second address: A7A9A9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9868E9DF08h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9868E9DF18h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7A9A9 second address: A7A9AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E8880 second address: 9E8884 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7CC84 second address: A7CC8D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F7DC second address: A7F7E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F7E3 second address: A7F7E8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F7E8 second address: A7F7FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9868E9DF0Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F971 second address: A7F9B6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9868EA8696h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F9868EA869Ah 0x00000012 jmp 00007F9868EA86A8h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F9868EA86A4h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7F9B6 second address: A7F9CA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9868E9DF0Ch 0x00000008 jl 00007F9868E9DF06h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A7FB5C second address: A7FB68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F9868EA8696h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7907 second address: 9F790B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84543 second address: A8455B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F9868EA869Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8455B second address: A8455F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8455F second address: A84565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84565 second address: A84571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A846CE second address: A846EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007F9868EA869Ah 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ebx 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop ecx 0x00000014 jng 00007F9868EA86B0h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A849A9 second address: A849AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A849AF second address: A849B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A849B5 second address: A849BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A849BE second address: A849C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84B1E second address: A84B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84B24 second address: A84B48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F9868EA86A5h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jng 00007F9868EA8696h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A84B48 second address: A84B4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87865 second address: A8789B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9868EA86C1h 0x00000008 jmp 00007F9868EA86A5h 0x0000000d jmp 00007F9868EA86A6h 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87A0F second address: A87A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87A19 second address: A87A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87A21 second address: A87A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87B8C second address: A87B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jp 00007F9868EA8696h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87B98 second address: A87BC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF17h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007F9868E9DF06h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87EAD second address: A87EB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87EB3 second address: A87EB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87EB9 second address: A87EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87EBD second address: A87EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF0Ah 0x00000007 jo 00007F9868E9DF06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jc 00007F9868E9DF06h 0x00000017 jmp 00007F9868E9DF17h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A87EF0 second address: A87F1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9868EA869Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ecx 0x00000012 jbe 00007F9868EA86A2h 0x00000018 jnp 00007F9868EA8696h 0x0000001e jns 00007F9868EA8696h 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8C8A8 second address: A8C8AD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8C8AD second address: A8C8BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8CCBF second address: A8CCD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F9868E9DF12h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31BA2 second address: A31BBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9868EA86A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A31C38 second address: A31C42 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9868E9DF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8D2A5 second address: A8D2BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA869Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A8D2BA second address: A8D2C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F9868E9DF06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98786 second address: A9878C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9878C second address: A98792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A968AF second address: A968B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A968B4 second address: A968D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868E9DF0Ch 0x00000009 jne 00007F9868E9DF06h 0x0000000f popad 0x00000010 jns 00007F9868E9DF12h 0x00000016 jbe 00007F9868E9DF06h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A968D9 second address: A968EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F9868EA8696h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A968EA second address: A968EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A978DA second address: A978E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A978E0 second address: A978FB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F9868E9DF06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9868E9DF0Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A978FB second address: A97901 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A97BCC second address: A97BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A97BD0 second address: A97BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A97BD6 second address: A97BE0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9868E9DF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A97BE0 second address: A97C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F9868EA86A9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A97EC1 second address: A97EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A97EC7 second address: A97ECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9812C second address: A98130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98130 second address: A98146 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F9868EA869Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98146 second address: A98162 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F9868E9DF0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9868E9DF0Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A98162 second address: A98166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A9D3D8 second address: A9D3DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA13EE second address: AA13F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0693 second address: AA06B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868E9DF14h 0x00000009 popad 0x0000000a jmp 00007F9868E9DF0Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA06B8 second address: AA06C2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F9868EA869Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0956 second address: AA0971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868E9DF17h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0D42 second address: AA0D57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F9868EA8696h 0x0000000a jmp 00007F9868EA869Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0D57 second address: AA0D5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0D5B second address: AA0D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868EA86A0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F9868EA86A4h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0F0F second address: AA0F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0F13 second address: AA0F56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jnl 00007F9868EA8696h 0x00000010 pop esi 0x00000011 jmp 00007F9868EA869Eh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F9868EA869Ch 0x0000001e push esi 0x0000001f push edi 0x00000020 pop edi 0x00000021 pop esi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0F56 second address: AA0F5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA0F5C second address: AA0F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA10B1 second address: AA10C8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F9868E9DF10h 0x00000008 pop ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA110 second address: AAA12A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9868EA8696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F9868EA86A0h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA12A second address: AAA132 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA132 second address: AAA136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA136 second address: AAA13A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAA13A second address: AAA140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA890C second address: AA891F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F9868E9DF0Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA891F second address: AA8940 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9868EA869Fh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jnc 00007F9868EA8696h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA8AC3 second address: AA8ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F9868E9DF11h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA8ADF second address: AA8AE7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA8AE7 second address: AA8AF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA985A second address: AA9862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9862 second address: AA9867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA9867 second address: AA986C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AA7F50 second address: AA7F6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AAEC59 second address: AAEC5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB053B second address: AB055A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnc 00007F9868E9DF06h 0x00000009 pop eax 0x0000000a jmp 00007F9868E9DF0Ah 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 js 00007F9868E9DF0Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AB03F5 second address: AB03FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AC3FB1 second address: AC3FCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F9868E9DF13h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD552 second address: ACD557 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ACD557 second address: ACD56C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jo 00007F9868E9DF2Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F9868E9DF06h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADDA31 second address: ADDA35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADDA35 second address: ADDA59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007F9868E9DF06h 0x0000000f jmp 00007F9868E9DF0Dh 0x00000014 popad 0x00000015 push edi 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop edi 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADDA59 second address: ADDA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADDA5F second address: ADDA6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADDA6A second address: ADDA72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADDA72 second address: ADDA79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC3CC second address: ADC3F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9868EA86A0h 0x00000010 jmp 00007F9868EA869Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC3F5 second address: ADC3F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC3F9 second address: ADC407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F9868EA8698h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC407 second address: ADC411 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9868E9DF0Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC575 second address: ADC58D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9868EA869Eh 0x00000009 popad 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC58D second address: ADC592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC592 second address: ADC59F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F9868EA8696h 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC59F second address: ADC5A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC842 second address: ADC84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC84B second address: ADC855 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F9868E9DF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC855 second address: ADC86C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F9868EA86CEh 0x0000000e pushad 0x0000000f jne 00007F9868EA8696h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC86C second address: ADC88B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9868E9DF18h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADC88B second address: ADC88F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADCCAB second address: ADCCC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F9868E9DF18h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ADCE3B second address: ADCE65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9868EA86A1h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0FCE second address: AE0FD8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9868E9DF06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0FD8 second address: AE0FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0FE1 second address: AE0FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AE0FEA second address: AE0FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F9868EA8696h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF150E second address: AF1523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F9868E9DF0Ch 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC3AE second address: AEC3BA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC3BA second address: AEC3BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AEC3BE second address: AEC3C6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AFFFB1 second address: AFFFBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F9868E9DF06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14425 second address: B1445C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9868EA869Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F9868EA86AEh 0x00000011 jnp 00007F9868EA8696h 0x00000017 jmp 00007F9868EA86A2h 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1445C second address: B14460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B145B8 second address: B145DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868EA86A8h 0x00000007 ja 00007F9868EA8696h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14DED second address: B14E22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9868E9DF0Fh 0x00000010 jmp 00007F9868E9DF10h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14E22 second address: B14E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F9868EA86A7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B14F80 second address: B14FAD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9868E9DF12h 0x00000008 jnp 00007F9868E9DF1Dh 0x0000000e jmp 00007F9868E9DF11h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B152BD second address: B152EF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F9868EA86A3h 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F9868EA86A1h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B17EDD second address: B17EE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B17EE1 second address: B17EEB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B17FF3 second address: B17FF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B17FF7 second address: B18001 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9868EA8696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B184D3 second address: B184E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9868E9DF10h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B184E7 second address: B18565 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dx, si 0x0000000e add dh, FFFFFF98h 0x00000011 push dword ptr [ebp+122D2F2Fh] 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007F9868EA8698h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 pushad 0x00000032 add ecx, 285DE2F8h 0x00000038 and edx, dword ptr [ebp+122D2B19h] 0x0000003e popad 0x0000003f call 00007F9868EA8699h 0x00000044 jmp 00007F9868EA869Fh 0x00000049 push eax 0x0000004a jmp 00007F9868EA86A3h 0x0000004f mov eax, dword ptr [esp+04h] 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 ja 00007F9868EA8696h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B18565 second address: B1857F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9868E9DF16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B1857F second address: B185A1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F9868EA869Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d js 00007F9868EA869Ch 0x00000013 jl 00007F9868EA8696h 0x00000019 push esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: B185A1 second address: B185B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F9868E9DF06h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A351F4 second address: A35216 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9868EA8696h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F9868EA869Ch 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push edi 0x00000018 push esi 0x00000019 pop esi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A35448 second address: A3544C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3561B second address: A3561F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A2A198 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A4F589 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_0088601C rdtsc

1_2_0088601C

Source: file.exe, file.exe, 00000001.00000002.1384762612.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000001.00000002.1386680523.0000000001137000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.0000000001137000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8P
Source: file.exe, 00000001.00000003.1337644084.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367610987.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367759834.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1387012838.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1387114438.000000000118A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338759973.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000001.00000002.1384762612.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_0088601C rdtsc

1_2_0088601C

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00869660 LdrInitializeThunk,

1_2_00869660

Source: file.exe, file.exe, 00000001.00000002.1384762612.0000000000A0A000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: zProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: 1.2.file.exe.820000.0.unpack, type: UNPACKEDPE

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: 1.2.file.exe.820000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	23 Virtualization/Sandbox Evasion	OS Credential Dumping	641 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	23 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	58%	Virustotal		Browse
file.exe	58%	ReversingLabs	Win32.Trojan.LummaStealer
file.exe	100%	Avira	TR/Crypt.TPM.Gen

Source	Detection	Scanner	Label
absoulpushx.life/QZwszc	100%	Avira URL Cloud	malware
orangemyther.live/IozZ	100%	Avira URL Cloud	malware
https://www.gstatic.cn/recaptcha/	0%	Avira URL Cloud	safe
modelshiverd.icu/bJhnsj	100%	Avira URL Cloud	malware
catterjur.run/boSnzhu	100%	Avira URL Cloud	malware
garagedrootz.top/oPsoJAN	100%	Avira URL Cloud	malware
fostinjec.today/LksNAz	100%	Avira URL Cloud	malware
begindecafer.world/QwdZdf	100%	Avira URL Cloud	malware
arisechairedd.shop/JnsHY	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	23.197.127.21	true	false	high
modelshiverd.icu	unknown	unknown	false	high
56.163.245.4.in-addr.arpa	unknown	unknown	false	high
garagedrootz.top	unknown	unknown	false	high
15.164.165.52.in-addr.arpa	unknown	unknown	false	high
fostinjec.today	unknown	unknown	false	high
catterjur.run	unknown	unknown	false	high
absoulpushx.life	unknown	unknown	true	unknown
sterpickced.digital	unknown	unknown	false	high
arisechairedd.shop	unknown	unknown	false	high
orangemyther.live	unknown	unknown	false	high
begindecafer.world	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
absoulpushx.life/QZwszc	true	Avira URL Cloud: malware	unknown
orangemyther.live/IozZ	true	Avira URL Cloud: malware	unknown
catterjur.run/boSnzhu	true	Avira URL Cloud: malware	unknown
modelshiverd.icu/bJhnsj	true	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199822375128	false		high
begindecafer.world/QwdZdf	true	Avira URL Cloud: malware	unknown
fostinjec.today/LksNAz	true	Avira URL Cloud: malware	unknown
garagedrootz.top/oPsoJAN	true	Avira URL Cloud: malware	unknown
arisechairedd.shop/JnsHY	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/my/wishlist/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://player.vimeo.com	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamloopback.host	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/?subsection=broadcasts	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/market/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/news/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/subscriber_agreement/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.gstatic.cn/recaptcha/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://store.steampowered.com/subscriber_agreement/	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net/recaptcha/;	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.valvesoftware.com/legal.htm	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/discussions/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xC	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128	file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/stats/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://medal.tv	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://broadcast.st.dl.eccdnx.com	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/steam_refunds/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	file.exe, 00000001.00000003.1367465394.000000000114D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337644084.000000000114D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&a	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/workshop/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steam.tv/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/e	file.exe, 00000001.00000003.1367610987.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1387114438.000000000118A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/privacy_agreement/	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/points/shop/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://recaptcha.net	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/	file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sketchfab.com	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://127.0.0.1:27060	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/privacy_agreement/	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.steampowered.com/	file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://store.steampowered.com/account/cookiepreferences/	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367673393.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386680523.000000000114A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=jfdbROVe	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/mobile	file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://steamcommunity.com/	file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1386910629.0000000001153000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou	file.exe, 00000001.00000003.1337644084.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367610987.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338759973.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/;	file.exe, 00000001.00000003.1367465394.0000000001183000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338759973.0000000001189000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1338837793.000000000118B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://store.steampowered.com/about/	file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	file.exe, 00000001.00000003.1337231036.00000000011CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1337231036.00000000011D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367648871.00000000011D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1367422782.00000000011D5000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.197.127.21	steamcommunity.com	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637460
Start date and time:	2025-03-13 16:49:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@12/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.16.185.191, 172.202.163.200, 52.165.164.15, 4.245.163.56
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.197.127.21	http://steamcomunity.aiq.ru/	Get hash	malicious	Unknown	Browse	steamcommunity.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.73.234.102
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.73.234.102
	nvtoaldlrg.exe	Get hash	malicious	LummaC Stealer	Browse	104.73.234.102
	script5.ps1	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	https://stearncommmunity.com/profiles/52829086342741	Get hash	malicious	Unknown	Browse	23.197.127.21
	https://sceanmcommnunmnlty.com/xroea/spwoe/zxiwe	Get hash	malicious	Unknown	Browse	104.73.234.102
	https://sceanmcommnunmnlty.com/sotep/aofpe/zoepr	Get hash	malicious	Unknown	Browse	104.73.234.102
	http://gift50steam.com/50	Get hash	malicious	Unknown	Browse	104.73.234.102
	L0erlgyZ6f.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	104.73.234.102
	SpaceCheatFort.exe	Get hash	malicious	LummaC Stealer	Browse	23.192.247.89

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	http://app.plangrid.com/projects/bcb97291-5564-5612-9970-d1b139dcb62d/staple/b1fc2804-67d4-470e-9780-d2d4344b3b93	Get hash	malicious	Unknown	Browse	2.19.96.120
	Peo Retention Memo Reff No2.pdf	Get hash	malicious	Unknown	Browse	172.235.37.241
	Bank_Statement.html	Get hash	malicious	HTMLPhisher	Browse	2.18.98.164
	https://forms.office.com/e/pnG8K1BDns	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	2.22.89.48
	FW New Login on Your ScreenConnect Instance.msg	Get hash	malicious	Unknown	Browse	88.221.110.227
	script5.ps1	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	https://scuddlecakevgzg.cfd/d7p96s	Get hash	malicious	Unknown	Browse	2.19.96.249
	New_Voicemail_ Peterborough_.html	Get hash	malicious	HTMLPhisher	Browse	95.101.182.112
	https://test.novanotes.de/	Get hash	malicious	Unknown	Browse	2.18.96.221
	https://allegrolokalnie.pl-745667434.icu/dostawa/pilarka-stihl-ms-362-cm---jak-nowa-970323	Get hash	malicious	HTMLPhisher	Browse	2.22.242.136

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	file.exe	Get hash	malicious	Unknown	Browse	23.197.127.21
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21
	DropboxInstaller.exe	Get hash	malicious	Unknown	Browse	23.197.127.21
	DropboxInstaller.exe	Get hash	malicious	Unknown	Browse	23.197.127.21
	nvtoaldlrg.exe	Get hash	malicious	LummaC Stealer	Browse	23.197.127.21

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.908950160921607
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'084'352 bytes
MD5:	0896954792978df6b6f6965593ec07e8
SHA1:	718fd59a15a6bbdaee5e847e97be5afad3e8bb3e
SHA256:	e771e24ff1eeecc7c4c60e2b755a469518875a7737f614621356bc4572af7abd
SHA512:	c2cfdfb54c91e0d9f3382525369dd0a43badc6212464d785777a2ddd92709370f6a94e795b092f659f6cc18327450f9aed248d9f685a06d837c7e17b236175fc
SSDEEP:	49152:Kmcrh4PU6ndutjFVwl0TA/6fyWTgNCVW:ls4MtJGqFfDWCY
TLSH:	0BA5225D16D1BB11F64DBF33B26AB2A16D4B7B1BEF82C90C5C205B54EA7B852C019C0E
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.............................0J...........@..........................`J.....9. ...@.................................W...k..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x8a3000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67C9DDEB [Thu Mar 6 17:39:55 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F9868EB69FAh
shrd dword ptr [edi], ebx, 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F9868EB89F5h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x61057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x60000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x611f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x5f000	0x5f000	80703b7f768a6a6790a95c111a246d79	False	0.6001721833881579	data	7.197290699143149	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x60000	0x2b0	0x200	59209309a46de761501d48740e590dfd	False	0.796875	data	6.0478371662605594	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x61000	0x1000	0x200	f47b289bcee0e13a937cc29db13607bf	False	0.150390625	data	1.0437720338377494	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x62000	0x2a5000	0x200	ccbae79b1a4055a9328c3de00bc8dbc4	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nxxmaptf	0x307000	0x19b000	0x19a200	8eb9e5a25a4347f7108f6c2f5d5b3e9f	False	0.9946442347988418	data	7.954962903371687	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
gppvohye	0x4a2000	0x1000	0x400	3b6e63a3432760157193ceeb649373bc	False	0.6865234375	data	5.521947671865459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4a3000	0x3000	0x2200	b06b97344296172d13821c35bbcc473a	False	0.06548713235294118	DOS executable (COM)	0.8163867033504681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4a0e74	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-13T16:50:10.565616+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49687	23.197.127.21	443	TCP
2025-03-13T16:50:13.644568+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49688	23.197.127.21	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 16:50:08.815759897 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:08.815810919 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:08.815870047 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:08.820003986 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:08.820017099 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:10.565378904 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:10.565615892 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:10.568885088 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:10.568905115 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:10.569237947 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:10.611917019 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:10.620624065 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:10.668327093 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.579869032 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.579914093 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.579948902 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.579971075 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.579992056 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.580019951 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.580035925 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.580075979 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.580076933 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.753745079 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.753788948 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.753901005 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.753911972 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.754040956 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.755192041 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.755295992 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.755316973 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.755393982 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.775394917 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.775394917 CET	49687	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.775415897 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.775427103 CET	443	49687	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.965852976 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.965898991 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:11.965969086 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.966438055 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:11.966449976 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:13.644403934 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:13.644567966 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:13.646142006 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:13.646152973 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:13.646508932 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:13.648032904 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:13.688322067 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.633618116 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.633646011 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.633698940 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.633791924 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.633814096 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.633941889 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.633941889 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.783103943 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.783205032 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.783232927 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.783242941 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.783305883 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.804459095 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.804563999 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.804732084 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.804852962 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.804852962 CET	49688	443	192.168.2.6	23.197.127.21
Mar 13, 2025 16:50:14.804872036 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:14.804886103 CET	443	49688	23.197.127.21	192.168.2.6
Mar 13, 2025 16:50:39.060722113 CET	56568	53	192.168.2.6	162.159.36.2
Mar 13, 2025 16:50:39.065538883 CET	53	56568	162.159.36.2	192.168.2.6
Mar 13, 2025 16:50:39.065632105 CET	56568	53	192.168.2.6	162.159.36.2
Mar 13, 2025 16:50:39.070492983 CET	53	56568	162.159.36.2	192.168.2.6
Mar 13, 2025 16:50:39.544337988 CET	56568	53	192.168.2.6	162.159.36.2
Mar 13, 2025 16:50:39.549254894 CET	53	56568	162.159.36.2	192.168.2.6
Mar 13, 2025 16:50:39.549314976 CET	56568	53	192.168.2.6	162.159.36.2

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 16:50:08.273308039 CET	51962	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.284950972 CET	53	51962	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.286444902 CET	50750	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.296544075 CET	53	50750	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.298717976 CET	61624	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.454085112 CET	53	61624	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.481372118 CET	59891	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.490456104 CET	53	59891	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.501622915 CET	53328	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.570909977 CET	53	53328	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.669903994 CET	64261	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.685722113 CET	53	64261	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.700941086 CET	57562	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.716607094 CET	53	57562	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.718189001 CET	61861	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.731935024 CET	53	61861	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.778064966 CET	58661	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.791868925 CET	53	58661	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:08.794219971 CET	58419	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:08.805679083 CET	53	58419	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:39.054521084 CET	53	59508	162.159.36.2	192.168.2.6
Mar 13, 2025 16:50:39.550992012 CET	60578	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:39.558974028 CET	53	60578	1.1.1.1	192.168.2.6
Mar 13, 2025 16:50:44.977896929 CET	50515	53	192.168.2.6	1.1.1.1
Mar 13, 2025 16:50:45.027077913 CET	53	50515	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 16:50:08.273308039 CET	192.168.2.6	1.1.1.1	0x33f8	Standard query (0)	absoulpushx.life	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.286444902 CET	192.168.2.6	1.1.1.1	0xc87f	Standard query (0)	begindecafer.world	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.298717976 CET	192.168.2.6	1.1.1.1	0xf564	Standard query (0)	garagedrootz.top	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.481372118 CET	192.168.2.6	1.1.1.1	0xf2d3	Standard query (0)	modelshiverd.icu	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.501622915 CET	192.168.2.6	1.1.1.1	0x924c	Standard query (0)	arisechairedd.shop	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.669903994 CET	192.168.2.6	1.1.1.1	0xffa3	Standard query (0)	catterjur.run	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.700941086 CET	192.168.2.6	1.1.1.1	0xa922	Standard query (0)	orangemyther.live	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.718189001 CET	192.168.2.6	1.1.1.1	0xa93e	Standard query (0)	fostinjec.today	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.778064966 CET	192.168.2.6	1.1.1.1	0xcb6f	Standard query (0)	sterpickced.digital	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.794219971 CET	192.168.2.6	1.1.1.1	0xe3a2	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:39.550992012 CET	192.168.2.6	1.1.1.1	0x76e0	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Mar 13, 2025 16:50:44.977896929 CET	192.168.2.6	1.1.1.1	0xf09f	Standard query (0)	56.163.245.4.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 16:50:08.284950972 CET	1.1.1.1	192.168.2.6	0x33f8	Name error (3)	absoulpushx.life	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.296544075 CET	1.1.1.1	192.168.2.6	0xc87f	Name error (3)	begindecafer.world	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.454085112 CET	1.1.1.1	192.168.2.6	0xf564	Name error (3)	garagedrootz.top	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.490456104 CET	1.1.1.1	192.168.2.6	0xf2d3	Name error (3)	modelshiverd.icu	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.570909977 CET	1.1.1.1	192.168.2.6	0x924c	Name error (3)	arisechairedd.shop	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.685722113 CET	1.1.1.1	192.168.2.6	0xffa3	Name error (3)	catterjur.run	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.716607094 CET	1.1.1.1	192.168.2.6	0xa922	Name error (3)	orangemyther.live	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.731935024 CET	1.1.1.1	192.168.2.6	0xa93e	Name error (3)	fostinjec.today	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.791868925 CET	1.1.1.1	192.168.2.6	0xcb6f	Name error (3)	sterpickced.digital	none	none	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:08.805679083 CET	1.1.1.1	192.168.2.6	0xe3a2	No error (0)	steamcommunity.com		23.197.127.21	A (IP address)	IN (0x0001)	false
Mar 13, 2025 16:50:39.558974028 CET	1.1.1.1	192.168.2.6	0x76e0	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Mar 13, 2025 16:50:45.027077913 CET	1.1.1.1	192.168.2.6	0xf09f	Name error (3)	56.163.245.4.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49687	23.197.127.21	443	1728	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 15:50:10 UTC	94	OUT	GET /profiles/76561199822375128 HTTP/1.1 Connection: Keep-Alive Host: steamcommunity.com
2025-03-13 15:50:11 UTC	1962	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 13 Mar 2025 15:50:11 GMT Content-Length: 26244 Connection: close Set-Cookie: sessionid=650833ed8936b9f08c727be3; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C4ee1dd1eefdeae17dcd8ab284b4c9b78; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:50:11 UTC	14422	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 44 65 73 6b 74 6f 70 55 49 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:50:11 UTC	10154	IN	Data Raw: 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 73 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 73 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 ae 80 e4 bd 93 e4 b8 ad e6 96 87 20 28 53 69 6d 70 6c 69 66 69 65 64 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 Data Ascii: yle="display: none;"><div class="popup_body popup_menu"><a class="popup_menu_item tight" href="?l=schinese" onclick="ChangeLanguage( 'schinese' ); return false;"> (Simplified Chinese)</a>
2025-03-13 15:50:11 UTC	1668	IN	Data Raw: 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 22 3e 68 6f 6d 65 20 70 61 67 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 62 72 20 63 6c 65 61 72 3d 22 61 6c 6c 22 20 2f 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 0a 09 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 6c 65 67 61 63 79 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0a 0a 09 09 09 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 5f 73 70 61 63 65 72 22 20 63 6c 61 73 73 3d 22 22 3e 3c 2f 64 69 76 3e 0a 09 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 5f 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 09 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 09 09 09 09 09 3c Data Ascii: ://steamcommunity.com">home page</a>.</p></div><br clear="all" /></div></div></div>... responsive_page_legacy_content --><div id="footer_spacer" class=""></div><div id="footer_responsive_optin_spacer"></div><div id="footer"><

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49688	23.197.127.21	443	1728	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 15:50:13 UTC	94	OUT	GET /profiles/76561199822375128 HTTP/1.1 Connection: Keep-Alive Host: steamcommunity.com
2025-03-13 15:50:14 UTC	1962	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 13 Mar 2025 15:50:14 GMT Content-Length: 26244 Connection: close Set-Cookie: sessionid=3a4489118468f78cd67cd82c; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C4ee1dd1eefdeae17dcd8ab284b4c9b78; path=/; secure; HttpOnly; SameSite=None
2025-03-13 15:50:14 UTC	14422	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 20 44 65 73 6b 74 6f 70 55 49 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 15:50:14 UTC	10154	IN	Data Raw: 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 73 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 73 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 ae 80 e4 bd 93 e4 b8 ad e6 96 87 20 28 53 69 6d 70 6c 69 66 69 65 64 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 Data Ascii: yle="display: none;"><div class="popup_body popup_menu"><a class="popup_menu_item tight" href="?l=schinese" onclick="ChangeLanguage( 'schinese' ); return false;"> (Simplified Chinese)</a>
2025-03-13 15:50:14 UTC	1668	IN	Data Raw: 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 22 3e 68 6f 6d 65 20 70 61 67 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 09 09 3c 2f 64 69 76 3e 0a 09 09 3c 62 72 20 63 6c 65 61 72 3d 22 61 6c 6c 22 20 2f 3e 0a 09 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 0a 09 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 6c 65 67 61 63 79 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0a 0a 09 09 09 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 5f 73 70 61 63 65 72 22 20 63 6c 61 73 73 3d 22 22 3e 3c 2f 64 69 76 3e 0a 09 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 5f 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 73 70 61 63 65 72 22 3e 3c 2f 64 69 76 3e 0a 09 3c 64 69 76 20 69 64 3d 22 66 6f 6f 74 65 72 22 3e 0a 09 09 09 09 09 3c Data Ascii: ://steamcommunity.com">home page</a>.</p></div><br clear="all" /></div></div></div>... responsive_page_legacy_content --><div id="footer_spacer" class=""></div><div id="footer_responsive_optin_spacer"></div><div id="footer"><

Target ID:	1
Start time:	11:50:04
Start date:	13/03/2025
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x820000
File size:	2'084'352 bytes
MD5 hash:	0896954792978DF6B6F6965593EC07E8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Windows Analysis Report
file.exe