Windows Analysis Report
9pyUjy2elE.exe

Overview

General Information

Sample name: 9pyUjy2elE.exe
renamed because original name is a hash value
Original sample name: 99e7fa90ed2f0668e8928a0bd9e4d37f.exe
Analysis ID: 1579673
MD5: 99e7fa90ed2f0668e8928a0bd9e4d37f
SHA1: cb40bccee3c04b5c992fad18039dbedd4e59b5a0
SHA256: 06f71451ac6bc586a8e4a4f62a70669d2d0684d610fe4aa3197dbf053accd49c
Tags: exeuser-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Lumma Stealer, LummaC2 Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

barindex
Source: 9pyUjy2elE.exe Avira: detected
Source: 9pyUjy2elE.exe.7128.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["necklacebudi.lat", "energyaffai.lat", "discokeyus.lat", "sweepyribs.lat", "sustainskelet.lat", "aspecteirs.lat", "grannyejh.lat", "crosshuaht.lat", "rapeflowwj.lat"], "Build id": "PsFKDg--pablo"}
Source: 9pyUjy2elE.exe ReversingLabs: Detection: 57%
Source: 9pyUjy2elE.exe Virustotal: Detection: 67% Perma Link
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: 9pyUjy2elE.exe Joe Sandbox ML: detected
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: rapeflowwj.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: crosshuaht.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: sustainskelet.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: aspecteirs.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: energyaffai.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: necklacebudi.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: discokeyus.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: grannyejh.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: sweepyribs.lat
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000000.00000003.1274380678.0000000005200000.00000004.00001000.00020000.00000000.sdmp String decryptor: PsFKDg--pablo
Source: 9pyUjy2elE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.7:49700 version: TLS 1.2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h] 0_2_0022C767
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then lea edx, dword ptr [ecx+01h] 0_2_001FB70C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebx, esi 0_2_00212190
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [ebx], cx 0_2_00212190
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h 0_2_00212190
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh] 0_2_00206263
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then jmp dword ptr [0023450Ch] 0_2_00208591
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h 0_2_002285E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then jmp eax 0_2_002285E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov eax, dword ptr [0023473Ch] 0_2_0020C653
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_0021A700
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h] 0_2_0020E7C0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_0020682D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h] 0_2_0020682D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h] 0_2_0020682D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov edx, ecx 0_2_00228810
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh 0_2_00228810
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh 0_2_00228810
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then test eax, eax 0_2_00228810
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0021CA49
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then push ebx 0_2_0022CA93
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0021CAD0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0021CB22
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0021CB11
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00218B61
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_0020CB40
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_0020CB40
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp al, 2Eh 0_2_00216B95
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h] 0_2_0022ECA0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov eax, dword ptr [ebp-68h] 0_2_00218D93
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ecx, eax 0_2_0022AEC0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then xor byte ptr [esp+eax+17h], al 0_2_001F8F50
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [edi], bl 0_2_001F8F50
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h] 0_2_0022EFB0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then push C0BFD6CCh 0_2_00213086
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then push C0BFD6CCh 0_2_00213086
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then add ebp, dword ptr [esp+0Ch] 0_2_0021B170
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h 0_2_0022B1D0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebx, eax 0_2_0022B1D0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_002191DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ecx, dword ptr [ebp-20h] 0_2_002191DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh] 0_2_00205220
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [ebx], ax 0_2_0020B2E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax] 0_2_0022F330
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh] 0_2_00207380
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h 0_2_0020D380
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_00225450
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh] 0_2_00207380
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] 0_2_001F74F0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] 0_2_001F74F0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_002191DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ecx, dword ptr [ebp-20h] 0_2_002191DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ecx, eax 0_2_001F9580
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [ebp+00h], ax 0_2_001F9580
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then xor edi, edi 0_2_0020759F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov esi, eax 0_2_00205799
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ecx, eax 0_2_00205799
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx eax, word ptr [edx] 0_2_002097C2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [edi], dx 0_2_002097C2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_002097C2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov word ptr [ecx], bp 0_2_0020D83A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh] 0_2_00213860
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then jmp eax 0_2_0021984F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebx, eax 0_2_001F5990
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebp, eax 0_2_001F5990
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov eax, dword ptr [esp+00000080h] 0_2_002079C1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_0021DA53
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then push esi 0_2_00217AD3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebx, eax 0_2_001FDBD9
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ebx, eax 0_2_001FDBD9
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then push 00000000h 0_2_00219C2B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h] 0_2_00207DEE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then jmp dword ptr [002355F4h] 0_2_00215E30
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov edx, ebp 0_2_00215E70
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h] 0_2_00209F30
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_0020BF14
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then mov ecx, ebx 0_2_0021DFE9
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 4x nop then jmp ecx 0_2_001FBFFD

Networking

barindex
Source: Network traffic Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.7:57278 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.7:53169 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.7:52657 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.7:50801 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.7:55618 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.7:52293 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.7:54273 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.7:62139 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.7:64259 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49699 -> 23.55.153.106:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 172.67.157.254:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 172.67.157.254:443
Source: Malware configuration extractor URLs: necklacebudi.lat
Source: Malware configuration extractor URLs: energyaffai.lat
Source: Malware configuration extractor URLs: discokeyus.lat
Source: Malware configuration extractor URLs: sweepyribs.lat
Source: Malware configuration extractor URLs: sustainskelet.lat
Source: Malware configuration extractor URLs: aspecteirs.lat
Source: Malware configuration extractor URLs: grannyejh.lat
Source: Malware configuration extractor URLs: crosshuaht.lat
Source: Malware configuration extractor URLs: rapeflowwj.lat
Source: Joe Sandbox View IP Address: 172.67.157.254 172.67.157.254
Source: Joe Sandbox View IP Address: 23.55.153.106 23.55.153.106
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49700 -> 172.67.157.254:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49699 -> 23.55.153.106:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49702 -> 172.67.157.254:443
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=12bbe1288c0b49160cbef971; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 23 Dec 2024 06:24:36 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlC equals www.youtube.com (Youtube)
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: LRPC-e433ee860fe502924ba/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=12bbe1288c0b49160cbef971; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 23 Dec 2024 06:24:36 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-ControlC equals www.youtube.com (Youtube)
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: a/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.000000000160F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://checkout.steampowered.com/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.000000000159C000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.000000000159C000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.000000000159C000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.000000000159C000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: 9pyUjy2elE.exe, 00000000.00000003.1362709552.00000000015A2000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363764086.00000000015A2000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015A2000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/
Source: 9pyUjy2elE.exe, 00000000.00000003.1362709552.00000000015A2000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363764086.00000000015A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/BV
Source: 9pyUjy2elE.exe, 00000000.00000003.1351824976.000000000159D000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362709552.000000000159D000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363764086.000000000159E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/Y
Source: 9pyUjy2elE.exe, 00000000.00000003.1362709552.00000000015CF000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015CF000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1352077090.00000000015B9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/api
Source: 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015ED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/apiN
Source: 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/apip
Source: 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015ED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/pi2%
Source: 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/r%
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/7
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015A2000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: 9pyUjy2elE.exe, 00000000.00000003.1326494966.000000000159C000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326718158.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: 9pyUjy2elE.exe, 00000000.00000003.1326718158.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.000000000161B000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001599000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: 9pyUjy2elE.exe, 00000000.00000003.1326461964.0000000001622000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351762009.0000000001621000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326441891.000000000162B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.7:49700 version: TLS 1.2

System Summary

barindex
Source: 9pyUjy2elE.exe Static PE information: section name:
Source: 9pyUjy2elE.exe Static PE information: section name: .idata
Source: 9pyUjy2elE.exe Static PE information: section name:
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F8850 0_2_001F8850
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001FACF0 0_2_001FACF0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00324030 0_2_00324030
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 0_2_003B0038
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BC025 0_2_002BC025
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BA038 0_2_002BA038
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D0009 0_2_002D0009
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00308003 0_2_00308003
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029406C 0_2_0029406C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B407F 0_2_002B407F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A20BE 0_2_002A20BE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E60B2 0_2_002E60B2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002620BB 0_2_002620BB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C608B 0_2_002C608B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002920E0 0_2_002920E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B60F8 0_2_002B60F8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002860CB 0_2_002860CB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025A0D5 0_2_0025A0D5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025C0D5 0_2_0025C0D5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029C0DC 0_2_0029C0DC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F012C 0_2_002F012C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A813C 0_2_002A813C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00314128 0_2_00314128
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029A11C 0_2_0029A11C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C2114 0_2_002C2114
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F6110 0_2_002F6110
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00288165 0_2_00288165
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DA17E 0_2_002DA17E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00252150 0_2_00252150
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030014A 0_2_0030014A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002541A0 0_2_002541A0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00212190 0_2_00212190
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031C18D 0_2_0031C18D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002141C0 0_2_002141C0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002981DC 0_2_002981DC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C81DA 0_2_002C81DA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027E1DE 0_2_0027E1DE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0032422E 0_2_0032422E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030622E 0_2_0030622E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031A22F 0_2_0031A22F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F2203 0_2_002F2203
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0032020A 0_2_0032020A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00206263 0_2_00206263
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A026E 0_2_002A026E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CA264 0_2_002CA264
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031E27B 0_2_0031E27B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003AC260 0_2_003AC260
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00252242 0_2_00252242
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A62A8 0_2_002A62A8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003202B0 0_2_003202B0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B62B8 0_2_003B62B8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F82BC 0_2_002F82BC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030E2A4 0_2_0030E2A4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002842B1 0_2_002842B1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DE2B4 0_2_002DE2B4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002782B9 0_2_002782B9
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F6280 0_2_001F6280
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A4289 0_2_002A4289
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020E290 0_2_0020E290
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FC2E7 0_2_002FC2E7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E22E7 0_2_002E22E7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A22E1 0_2_002A22E1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F42CC 0_2_002F42CC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003162DF 0_2_003162DF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030A2C1 0_2_0030A2C1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AE323 0_2_002AE323
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E0322 0_2_002E0322
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B033B 0_2_002B033B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D633F 0_2_002D633F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021A33F 0_2_0021A33F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D030D 0_2_002D030D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021830D 0_2_0021830D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F8330 0_2_001F8330
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F4320 0_2_001F4320
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B637C 0_2_002B637C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EE35F 0_2_002EE35F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031C34A 0_2_0031C34A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003143BB 0_2_003143BB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00214380 0_2_00214380
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EC382 0_2_002EC382
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00282399 0_2_00282399
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029039D 0_2_0029039D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029639F 0_2_0029639F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002643EE 0_2_002643EE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AC3CA 0_2_002AC3CA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AA3D0 0_2_002AA3D0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00280422 0_2_00280422
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00260470 0_2_00260470
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031E46D 0_2_0031E46D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028C446 0_2_0028C446
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00286458 0_2_00286458
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00266455 0_2_00266455
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EA45A 0_2_002EA45A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00258458 0_2_00258458
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002504B0 0_2_002504B0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B24BD 0_2_002B24BD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CE4B6 0_2_002CE4B6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003224AE 0_2_003224AE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00308498 0_2_00308498
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029249D 0_2_0029249D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025A4F1 0_2_0025A4F1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002884FD 0_2_002884FD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003044ED 0_2_003044ED
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003024D2 0_2_003024D2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029A4CF 0_2_0029A4CF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F052E 0_2_002F052E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00286523 0_2_00286523
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028A53B 0_2_0028A53B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C6509 0_2_002C6509
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00212510 0_2_00212510
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029851F 0_2_0029851F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DC56F 0_2_002DC56F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F257F 0_2_002F257F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D4579 0_2_002D4579
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00310569 0_2_00310569
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00282556 0_2_00282556
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E4551 0_2_002E4551
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CC5AC 0_2_002CC5AC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026A5B5 0_2_0026A5B5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029C5B1 0_2_0029C5B1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C05B7 0_2_002C05B7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D2582 0_2_002D2582
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F85E6 0_2_002F85E6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003065E0 0_2_003065E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FE5F3 0_2_002FE5F3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A85D4 0_2_002A85D4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027C63F 0_2_0027C63F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00266600 0_2_00266600
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027E60C 0_2_0027E60C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00254610 0_2_00254610
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00296673 0_2_00296673
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00256640 0_2_00256640
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BE65D 0_2_002BE65D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AE6AC 0_2_002AE6AC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030E6BA 0_2_0030E6BA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002926A4 0_2_002926A4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029E6BB 0_2_0029E6BB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025C6B2 0_2_0025C6B2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00274687 0_2_00274687
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00318699 0_2_00318699
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027A68B 0_2_0027A68B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030A689 0_2_0030A689
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002846E8 0_2_002846E8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E06FD 0_2_002E06FD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028E6FE 0_2_0028E6FE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002186C0 0_2_002186C0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002166D0 0_2_002166D0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F6710 0_2_001F6710
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003AA72A 0_2_003AA72A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00298734 0_2_00298734
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027871E 0_2_0027871E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D076F 0_2_002D076F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025876E 0_2_0025876E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E8777 0_2_002E8777
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00262748 0_2_00262748
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00312742 0_2_00312742
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026C7A7 0_2_0026C7A7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DE7BC 0_2_002DE7BC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F87B5 0_2_002F87B5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001FA780 0_2_001FA780
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00208792 0_2_00208792
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AC7E5 0_2_002AC7E5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031C7E0 0_2_0031C7E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002727F5 0_2_002727F5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020E7C0 0_2_0020E7C0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003147C1 0_2_003147C1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026082C 0_2_0026082C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020682D 0_2_0020682D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A883E 0_2_002A883E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00302826 0_2_00302826
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B4837 0_2_002B4837
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00276804 0_2_00276804
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B481F 0_2_003B481F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00228810 0_2_00228810
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DA847 0_2_002DA847
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031685D 0_2_0031685D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FA858 0_2_002FA858
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A08AF 0_2_002A08AF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002908BE 0_2_002908BE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00264886 0_2_00264886
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025A896 0_2_0025A896
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002748F7 0_2_002748F7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003048E8 0_2_003048E8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029C8CC 0_2_0029C8CC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A48C3 0_2_002A48C3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002188CB 0_2_002188CB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00282921 0_2_00282921
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BE924 0_2_002BE924
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D4917 0_2_002D4917
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031090B 0_2_0031090B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00296967 0_2_00296967
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00322968 0_2_00322968
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00220940 0_2_00220940
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C89AC 0_2_002C89AC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E49AE 0_2_002E49AE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029E9AB 0_2_0029E9AB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002589AA 0_2_002589AA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F898D 0_2_002F898D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030C992 0_2_0030C992
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025E98F 0_2_0025E98F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DC995 0_2_002DC995
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A8995 0_2_002A8995
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C69E1 0_2_002C69E1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F69F2 0_2_002F69F2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E29F1 0_2_002E29F1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002589C5 0_2_002589C5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002689C8 0_2_002689C8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029E9D2 0_2_0029E9D2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001FEA10 0_2_001FEA10
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00280A3C 0_2_00280A3C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00256A33 0_2_00256A33
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00264A3F 0_2_00264A3F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E8A1F 0_2_002E8A1F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00266A1D 0_2_00266A1D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C4A79 0_2_002C4A79
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029CA4E 0_2_0029CA4E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021CA49 0_2_0021CA49
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B8A44 0_2_002B8A44
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EAA41 0_2_002EAA41
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AAAB9 0_2_002AAAB9
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BAAB5 0_2_002BAAB5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00274A83 0_2_00274A83
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00292A82 0_2_00292A82
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AEA84 0_2_002AEA84
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00320AFB 0_2_00320AFB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00302AE7 0_2_00302AE7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C0AF4 0_2_002C0AF4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00308AEA 0_2_00308AEA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025CAC7 0_2_0025CAC7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026EAC4 0_2_0026EAC4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029AAC2 0_2_0029AAC2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B0AC0 0_2_002B0AC0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021CAD0 0_2_0021CAD0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DEAD8 0_2_002DEAD8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027AADD 0_2_0027AADD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021CB22 0_2_0021CB22
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029EB2F 0_2_0029EB2F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028EB24 0_2_0028EB24
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CCB3B 0_2_002CCB3B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D0B09 0_2_002D0B09
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00226B08 0_2_00226B08
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021CB11 0_2_0021CB11
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026CB6D 0_2_0026CB6D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00210B70 0_2_00210B70
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EEB79 0_2_002EEB79
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D8B73 0_2_002D8B73
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020CB40 0_2_0020CB40
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00272B4F 0_2_00272B4F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00216B50 0_2_00216B50
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CAB52 0_2_002CAB52
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00262B59 0_2_00262B59
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00298BAD 0_2_00298BAD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00306BA2 0_2_00306BA2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C8B89 0_2_002C8B89
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00294B8F 0_2_00294B8F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00250BEF 0_2_00250BEF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003A0BC6 0_2_003A0BC6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F8C2C 0_2_002F8C2C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FCC29 0_2_002FCC29
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A2C25 0_2_002A2C25
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00270C06 0_2_00270C06
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025EC08 0_2_0025EC08
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A0C05 0_2_002A0C05
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028CC11 0_2_0028CC11
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00304C70 0_2_00304C70
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A6C68 0_2_002A6C68
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00258C76 0_2_00258C76
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00268C72 0_2_00268C72
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027CC7A 0_2_0027CC7A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CEC71 0_2_002CEC71
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A4C46 0_2_002A4C46
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031AC4B 0_2_0031AC4B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F4C60 0_2_001F4C60
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028ACA9 0_2_0028ACA9
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022ECA0 0_2_0022ECA0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0021AC90 0_2_0021AC90
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00316CE0 0_2_00316CE0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00276CFF 0_2_00276CFF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003A8CE6 0_2_003A8CE6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025ACCD 0_2_0025ACCD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F4CDA 0_2_002F4CDA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F6D3C 0_2_002F6D3C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00308D1D 0_2_00308D1D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FAD17 0_2_002FAD17
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00286D68 0_2_00286D68
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030CD7B 0_2_0030CD7B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028CD65 0_2_0028CD65
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B0D65 0_2_002B0D65
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00310D63 0_2_00310D63
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001FCD46 0_2_001FCD46
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F2D57 0_2_002F2D57
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00282DAE 0_2_00282DAE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030EDBA 0_2_0030EDBA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00318DBD 0_2_00318DBD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00264DB3 0_2_00264DB3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025ED9F 0_2_0025ED9F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B8D91 0_2_002B8D91
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BEDFF 0_2_002BEDFF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00252DCD 0_2_00252DCD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026ADD5 0_2_0026ADD5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00314DC2 0_2_00314DC2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00274DDD 0_2_00274DDD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030AE12 0_2_0030AE12
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027AE01 0_2_0027AE01
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00310E18 0_2_00310E18
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EAE1C 0_2_002EAE1C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029CE1C 0_2_0029CE1C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E2E68 0_2_002E2E68
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E8E66 0_2_002E8E66
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00226E74 0_2_00226E74
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00312E66 0_2_00312E66
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029AE43 0_2_0029AE43
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029EE42 0_2_0029EE42
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D4E42 0_2_002D4E42
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00256EAA 0_2_00256EAA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D2E80 0_2_002D2E80
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DAE93 0_2_002DAE93
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AEEE5 0_2_002AEEE5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022AEC0 0_2_0022AEC0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BCEC8 0_2_002BCEC8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D0ECB 0_2_002D0ECB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00308EC4 0_2_00308EC4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E4F2B 0_2_002E4F2B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00292F2F 0_2_00292F2F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00306F39 0_2_00306F39
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00322F3D 0_2_00322F3D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00288F19 0_2_00288F19
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CCF6E 0_2_002CCF6E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00294F6D 0_2_00294F6D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F2F50 0_2_001F2F50
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00210F50 0_2_00210F50
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027EF50 0_2_0027EF50
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00228F59 0_2_00228F59
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C2FA6 0_2_002C2FA6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022EFB0 0_2_0022EFB0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EEFB7 0_2_002EEFB7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031EF93 0_2_0031EF93
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027AF83 0_2_0027AF83
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00260F9F 0_2_00260F9F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EAFFF 0_2_002EAFFF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D8FCF 0_2_002D8FCF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029AFCA 0_2_0029AFCA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00320FC8 0_2_00320FC8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B3030 0_2_002B3030
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F5030 0_2_002F5030
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CB008 0_2_002CB008
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DF002 0_2_002DF002
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E9016 0_2_002E9016
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A306D 0_2_002A306D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031D07E 0_2_0031D07E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028B077 0_2_0028B077
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030F058 0_2_0030F058
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030305B 0_2_0030305B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00251052 0_2_00251052
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002810B6 0_2_002810B6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00273085 0_2_00273085
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CF080 0_2_002CF080
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AD084 0_2_002AD084
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002ED080 0_2_002ED080
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002770ED 0_2_002770ED
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FD0F7 0_2_002FD0F7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030D0EE 0_2_0030D0EE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A90C7 0_2_002A90C7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026D0C8 0_2_0026D0C8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FB12B 0_2_002FB12B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E7132 0_2_002E7132
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00287110 0_2_00287110
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030B108 0_2_0030B108
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026B16E 0_2_0026B16E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030517A 0_2_0030517A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025B174 0_2_0025B174
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026F15D 0_2_0026F15D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B7155 0_2_002B7155
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029D1A2 0_2_0029D1A2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002971A7 0_2_002971A7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F91B0 0_2_001F91B0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025D192 0_2_0025D192
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B3190 0_2_002B3190
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E11EC 0_2_002E11EC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002551EE 0_2_002551EE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002131C2 0_2_002131C2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002831CD 0_2_002831CD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022B1D0 0_2_0022B1D0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002191DD 0_2_002191DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00205220 0_2_00205220
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BF23D 0_2_002BF23D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F7205 0_2_002F7205
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C121D 0_2_002C121D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00313209 0_2_00313209
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031D20D 0_2_0031D20D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00265261 0_2_00265261
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025F26E 0_2_0025F26E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030D27D 0_2_0030D27D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030B247 0_2_0030B247
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C32B7 0_2_002C32B7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00301284 0_2_00301284
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020B2E0 0_2_0020B2E0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C72EF 0_2_002C72EF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002152DD 0_2_002152DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C532D 0_2_002C532D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00215327 0_2_00215327
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022F330 0_2_0022F330
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00323320 0_2_00323320
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D333E 0_2_002D333E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027531D 0_2_0027531D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CD365 0_2_002CD365
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B1365 0_2_002B1365
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022D34D 0_2_0022D34D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AB358 0_2_002AB358
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030F34A 0_2_0030F34A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DD353 0_2_002DD353
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A73A8 0_2_002A73A8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002893A1 0_2_002893A1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002533B3 0_2_002533B3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00251383 0_2_00251383
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F1381 0_2_002F1381
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002713E6 0_2_002713E6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002ED3FF 0_2_002ED3FF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F53FD 0_2_002F53FD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002693FE 0_2_002693FE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003053EE 0_2_003053EE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002913C7 0_2_002913C7
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028742F 0_2_0028742F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A5422 0_2_002A5422
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00293424 0_2_00293424
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00259434 0_2_00259434
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00273436 0_2_00273436
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002EB43D 0_2_002EB43D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030942B 0_2_0030942B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029B406 0_2_0029B406
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00283416 0_2_00283416
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F3411 0_2_002F3411
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DF46A 0_2_002DF46A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0025745D 0_2_0025745D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002BD453 0_2_002BD453
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002774AB 0_2_002774AB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B34B8 0_2_002B34B8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020148F 0_2_0020148F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028B487 0_2_0028B487
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028D4E1 0_2_0028D4E1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FF4CF 0_2_002FF4CF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F74F0 0_2_001F74F0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002191DD 0_2_002191DD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031B4C3 0_2_0031B4C3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F14DB 0_2_002F14DB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030D4CF 0_2_0030D4CF
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00227500 0_2_00227500
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002AD566 0_2_002AD566
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026B556 0_2_0026B556
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C1550 0_2_002C1550
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002CB5AA 0_2_002CB5AA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_001F9580 0_2_001F9580
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00317596 0_2_00317596
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C7584 0_2_002C7584
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0028F598 0_2_0028F598
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029559B 0_2_0029559B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0020759F 0_2_0020759F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A35E5 0_2_002A35E5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B75F4 0_2_002B75F4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E35C8 0_2_002E35C8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A962F 0_2_002A962F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002E1628 0_2_002E1628
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00217603 0_2_00217603
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00261612 0_2_00261612
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0026F61F 0_2_0026F61F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00315679 0_2_00315679
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027F644 0_2_0027F644
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030564B 0_2_0030564B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002536A1 0_2_002536A1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D36A1 0_2_002D36A1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F3687 0_2_002F3687
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A16EB 0_2_002A16EB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002136E2 0_2_002136E2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030D6E4 0_2_0030D6E4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002756CA 0_2_002756CA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B16D4 0_2_003B16D4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002F76DE 0_2_002F76DE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002916D2 0_2_002916D2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022F720 0_2_0022F720
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00261735 0_2_00261735
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002D973A 0_2_002D973A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0027173E 0_2_0027173E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00255705 0_2_00255705
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0030F718 0_2_0030F718
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B571E 0_2_002B571E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C975A 0_2_002C975A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002A5756 0_2_002A5756
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002677B6 0_2_002677B6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C77B6 0_2_002C77B6
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002FD7B0 0_2_002FD7B0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002B378B 0_2_002B378B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00309798 0_2_00309798
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0029B782 0_2_0029B782
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002DD79F 0_2_002DD79F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00313787 0_2_00313787
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00205799 0_2_00205799
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00297793 0_2_00297793
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0031F7FB 0_2_0031F7FB
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002C57FA 0_2_002C57FA
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_002097C2 0_2_002097C2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: String function: 00204400 appears 64 times
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: String function: 001F8030 appears 42 times
Source: 9pyUjy2elE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 9pyUjy2elE.exe Static PE information: Section: ZLIB complexity 0.9973980629280822
Source: 9pyUjy2elE.exe Static PE information: Section: fgilgcby ZLIB complexity 0.9945618872549019
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@11/2
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00220C70 CoCreateInstance, 0_2_00220C70
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 9pyUjy2elE.exe ReversingLabs: Detection: 57%
Source: 9pyUjy2elE.exe Virustotal: Detection: 67%
Source: 9pyUjy2elE.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\9pyUjy2elE.exe File read: C:\Users\user\Desktop\9pyUjy2elE.exe Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: 9pyUjy2elE.exe Static file information: File size 1836032 > 1048576
Source: 9pyUjy2elE.exe Static PE information: Raw size of fgilgcby is bigger than: 0x100000 < 0x198000

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Unpacked PE file: 0.2.9pyUjy2elE.exe.1f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;fgilgcby:EW;dsxwbcdv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;fgilgcby:EW;dsxwbcdv:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: 9pyUjy2elE.exe Static PE information: real checksum: 0x1c9238 should be: 0x1c3e0f
Source: 9pyUjy2elE.exe Static PE information: section name:
Source: 9pyUjy2elE.exe Static PE information: section name: .idata
Source: 9pyUjy2elE.exe Static PE information: section name:
Source: 9pyUjy2elE.exe Static PE information: section name: fgilgcby
Source: 9pyUjy2elE.exe Static PE information: section name: dsxwbcdv
Source: 9pyUjy2elE.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00248747 push eax; mov dword ptr [esp], edi 0_2_00248768
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_00248747 push eax; mov dword ptr [esp], ebx 0_2_00248B79
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 483A5941h; mov dword ptr [esp], esi 0_2_003B009D
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push ebp; mov dword ptr [esp], ecx 0_2_003B00E4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 6DBB7AC4h; mov dword ptr [esp], esi 0_2_003B0161
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push ecx; mov dword ptr [esp], edx 0_2_003B01B0
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push eax; mov dword ptr [esp], ecx 0_2_003B01FD
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 72EA2712h; mov dword ptr [esp], edx 0_2_003B02B3
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 63B8C8F7h; mov dword ptr [esp], edx 0_2_003B035F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 2B8DB040h; mov dword ptr [esp], esi 0_2_003B036F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push edx; mov dword ptr [esp], ecx 0_2_003B0387
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push ecx; mov dword ptr [esp], edi 0_2_003B03D8
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 7B2F6F06h; mov dword ptr [esp], eax 0_2_003B03E1
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 75BA3360h; mov dword ptr [esp], edx 0_2_003B0412
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 55109A25h; mov dword ptr [esp], ebx 0_2_003B0467
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push eax; mov dword ptr [esp], esi 0_2_003B051B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push ecx; mov dword ptr [esp], 090FFF74h 0_2_003B057B
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 369159F6h; mov dword ptr [esp], esi 0_2_003B058A
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 15656780h; mov dword ptr [esp], ebp 0_2_003B05BC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 4DC17D87h; mov dword ptr [esp], ecx 0_2_003B05C5
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push eax; mov dword ptr [esp], edi 0_2_003B05FC
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 63B89604h; mov dword ptr [esp], ebp 0_2_003B0620
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push edx; mov dword ptr [esp], ebx 0_2_003B065E
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push ecx; mov dword ptr [esp], 7EEFA2AEh 0_2_003B068C
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push ebp; mov dword ptr [esp], 00000000h 0_2_003B0771
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push edi; mov dword ptr [esp], 74F25845h 0_2_003B0825
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push edx; mov dword ptr [esp], eax 0_2_003B0858
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 79D39799h; mov dword ptr [esp], eax 0_2_003B0895
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 1970F497h; mov dword ptr [esp], ebp 0_2_003B08C4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push edi; mov dword ptr [esp], eax 0_2_003B08F4
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_003B0038 push 3F62DC2Ah; mov dword ptr [esp], esi 0_2_003B0903
Source: 9pyUjy2elE.exe Static PE information: section name: entropy: 7.9822142420493885
Source: 9pyUjy2elE.exe Static PE information: section name: fgilgcby entropy: 7.954050243675922

Boot Survival

barindex
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior

Malware Analysis System Evasion

barindex
Source: C:\Users\user\Desktop\9pyUjy2elE.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3BE6DB second address: 3BE706 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FB9A50C54A4h 0x0000000d pop edx 0x0000000e jc 00007FB9A50C54BBh 0x00000014 jbe 00007FB9A50C54B5h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3BD826 second address: 3BD83E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A510873Ch 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3BD83E second address: 3BD845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3BD845 second address: 3BD85E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB9A5108741h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3BDF75 second address: 3BDF8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3BDF8F second address: 3BDFBB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 js 00007FB9A5108736h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB9A5108746h 0x00000011 popad 0x00000012 pushad 0x00000013 jo 00007FB9A510873Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C0612 second address: 3C062F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9A50C54A9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C0723 second address: 3C0727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C077F second address: 3C0788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C0788 second address: 3C078C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C08C8 second address: 3C08EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A9h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C08EE second address: 3C092A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB9A5108748h 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push ecx 0x00000010 jns 00007FB9A5108738h 0x00000016 pop ecx 0x00000017 mov eax, dword ptr [eax] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FB9A510873Ah 0x00000022 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C092A second address: 3C0940 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C0940 second address: 3C0959 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9A510873Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3C0959 second address: 3C09BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop eax 0x0000000c mov cl, al 0x0000000e push 00000003h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FB9A50C5498h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c pushad 0x0000002d mov dword ptr [ebp+122D2C0Eh], ebx 0x00000033 mov ah, dl 0x00000035 popad 0x00000036 push 00000003h 0x00000038 push 00000000h 0x0000003a push eax 0x0000003b call 00007FB9A50C5498h 0x00000040 pop eax 0x00000041 mov dword ptr [esp+04h], eax 0x00000045 add dword ptr [esp+04h], 00000014h 0x0000004d inc eax 0x0000004e push eax 0x0000004f ret 0x00000050 pop eax 0x00000051 ret 0x00000052 push FB944038h 0x00000057 push eax 0x00000058 push edx 0x00000059 jc 00007FB9A50C5498h 0x0000005f push ecx 0x00000060 pop ecx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3D352D second address: 3D3533 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3D3533 second address: 3D3537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3DF583 second address: 3DF587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3DF587 second address: 3DF58B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3DF884 second address: 3DF897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 jo 00007FB9A5108742h 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3DF9CD second address: 3DF9F9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007FB9A50C5498h 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FB9A50C54A8h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3DF9F9 second address: 3DF9FF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3DFB6A second address: 3DFB84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FB9A50C549Bh 0x0000000a ja 00007FB9A50C549Eh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3D4A8D second address: 3D4A91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0671 second address: 3E0675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E08FF second address: 3E0908 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0908 second address: 3E0913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB9A50C5496h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0913 second address: 3E0919 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0919 second address: 3E091D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E091D second address: 3E092B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB9A5108736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E092B second address: 3E0935 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB9A50C5496h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0935 second address: 3E0942 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0942 second address: 3E0947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0C0C second address: 3E0C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0C10 second address: 3E0C14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0C14 second address: 3E0C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0C1A second address: 3E0C20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0C20 second address: 3E0C26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E0C26 second address: 3E0C3A instructions: 0x00000000 rdtsc 0x00000002 jl 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E2EF7 second address: 3E2EFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E2EFB second address: 3E2F2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FB9A50C54A3h 0x00000010 jmp 00007FB9A50C54A0h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E2F2A second address: 3E2F2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E406A second address: 3E4070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E4070 second address: 3E4074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E4074 second address: 3E4087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007FB9A50C5498h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E4087 second address: 3E40B9 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB9A510873Ch 0x00000008 ja 00007FB9A5108736h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push edi 0x00000015 jl 00007FB9A510873Ch 0x0000001b jng 00007FB9A5108736h 0x00000021 pop edi 0x00000022 mov eax, dword ptr [eax] 0x00000024 js 00007FB9A5108744h 0x0000002a push eax 0x0000002b push edx 0x0000002c jl 00007FB9A5108736h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E40B9 second address: 3E40CE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jo 00007FB9A50C5496h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3E40CE second address: 3E40D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EAF47 second address: 3EAF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB09A second address: 3EB0A4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB0A4 second address: 3EB0A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB0A8 second address: 3EB0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB5F6 second address: 3EB5FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB5FA second address: 3EB600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB600 second address: 3EB613 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EB613 second address: 3EB619 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EF274 second address: 3EF278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EF278 second address: 3EF288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EF288 second address: 3EF28E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EF319 second address: 3EF31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EF3FD second address: 3EF401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFBFE second address: 3EFC02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFC02 second address: 3EFC08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFCD4 second address: 3EFCDA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFDDA second address: 3EFDE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFDE7 second address: 3EFDED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFEAE second address: 3EFEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFEBA second address: 3EFEDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FB9A5108740h 0x0000000c nop 0x0000000d mov di, 38B5h 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EFEDF second address: 3EFF04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007FB9A50C54A4h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F039B second address: 3F0431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A5108746h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FB9A510873Bh 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007FB9A5108738h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebx 0x00000031 call 00007FB9A5108738h 0x00000036 pop ebx 0x00000037 mov dword ptr [esp+04h], ebx 0x0000003b add dword ptr [esp+04h], 00000016h 0x00000043 inc ebx 0x00000044 push ebx 0x00000045 ret 0x00000046 pop ebx 0x00000047 ret 0x00000048 mov dword ptr [ebp+122D1FD1h], esi 0x0000004e push 00000000h 0x00000050 jmp 00007FB9A5108747h 0x00000055 xchg eax, ebx 0x00000056 pushad 0x00000057 push eax 0x00000058 ja 00007FB9A5108736h 0x0000005e pop eax 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F0DA8 second address: 3F0DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F0C86 second address: 3F0C8D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F0DB0 second address: 3F0DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F1DFE second address: 3F1EC4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB9A5108736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FB9A510873Ch 0x00000012 pushad 0x00000013 jg 00007FB9A5108736h 0x00000019 jmp 00007FB9A5108749h 0x0000001e popad 0x0000001f popad 0x00000020 nop 0x00000021 push 00000000h 0x00000023 push ebx 0x00000024 call 00007FB9A5108738h 0x00000029 pop ebx 0x0000002a mov dword ptr [esp+04h], ebx 0x0000002e add dword ptr [esp+04h], 0000001Ch 0x00000036 inc ebx 0x00000037 push ebx 0x00000038 ret 0x00000039 pop ebx 0x0000003a ret 0x0000003b mov si, D5FCh 0x0000003f mov dword ptr [ebp+124470FAh], ecx 0x00000045 push 00000000h 0x00000047 push 00000000h 0x00000049 push ecx 0x0000004a call 00007FB9A5108738h 0x0000004f pop ecx 0x00000050 mov dword ptr [esp+04h], ecx 0x00000054 add dword ptr [esp+04h], 0000001Bh 0x0000005c inc ecx 0x0000005d push ecx 0x0000005e ret 0x0000005f pop ecx 0x00000060 ret 0x00000061 movsx edi, dx 0x00000064 mov esi, dword ptr [ebp+122D294Eh] 0x0000006a push 00000000h 0x0000006c xor si, BA78h 0x00000071 jmp 00007FB9A5108749h 0x00000076 push eax 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007FB9A510873Bh 0x0000007e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F3416 second address: 3F341B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F484D second address: 3F4851 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F4851 second address: 3F485A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F45FA second address: 3F4604 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F4604 second address: 3F4619 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C549Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F6F93 second address: 3F6FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A5108744h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3A6C86 second address: 3A6C8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3A6C8A second address: 3A6CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB9A5108736h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007FB9A5108736h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3A6CA0 second address: 3A6CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3A6CA4 second address: 3A6CA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F9686 second address: 3F968C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F968C second address: 3F9690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F9C0B second address: 3F9C46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov dword ptr [esp], eax 0x00000008 push eax 0x00000009 mov bx, cx 0x0000000c pop ebx 0x0000000d push 00000000h 0x0000000f xor dword ptr [ebp+122D2C16h], edi 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007FB9A50C5498h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 push eax 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F9C46 second address: 3F9C4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F9C4A second address: 3F9C53 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FAC24 second address: 3FAC2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FAC2A second address: 3FAC50 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007FB9A50C54A7h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FBEB4 second address: 3FBEC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9A510873Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FBEC6 second address: 3FBEDD instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FB9A50C5498h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FCD8B second address: 3FCD8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FDD4B second address: 3FDD5F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FCD8F second address: 3FCD98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FDD5F second address: 3FDDE1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FB9A50C54A2h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov di, si 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FB9A50C5498h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b push esi 0x0000002c sub bx, 665Ah 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FB9A50C5498h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e jmp 00007FB9A50C549Ah 0x00000053 adc edi, 51DDBDB7h 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d pushad 0x0000005e popad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FDDE1 second address: 3FDDE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FDDE6 second address: 3FDDEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3FDDEC second address: 3FDDF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 401279 second address: 4012FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop ebx 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FB9A50C5498h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 or dword ptr [ebp+122D358Ah], ecx 0x0000002b mov ebx, dword ptr [ebp+122D36CBh] 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007FB9A50C5498h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d xor edi, dword ptr [ebp+122D27CEh] 0x00000053 push 00000000h 0x00000055 mov edi, dword ptr [ebp+122D2A0Ah] 0x0000005b push eax 0x0000005c pushad 0x0000005d jc 00007FB9A50C5498h 0x00000063 pushad 0x00000064 popad 0x00000065 pushad 0x00000066 jmp 00007FB9A50C549Dh 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 402358 second address: 40236E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FB9A5108736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007FB9A5108738h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40236E second address: 402374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 403328 second address: 40332C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40332C second address: 4033B3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jnc 00007FB9A50C549Ch 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FB9A50C5498h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a mov edi, 2A99FC5Eh 0x0000002f cmc 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007FB9A50C5498h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c call 00007FB9A50C54A8h 0x00000051 mov dword ptr [ebp+122D34D2h], edx 0x00000057 pop ebx 0x00000058 xchg eax, esi 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4024D7 second address: 4024FD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FB9A5108745h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FB9A5108738h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4033B3 second address: 4033C9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007FB9A50C5498h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4024FD second address: 4025A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB9A510873Ah 0x00000008 jmp 00007FB9A5108744h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FB9A5108738h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov dword ptr [ebp+1244D39Bh], esi 0x00000031 push dword ptr fs:[00000000h] 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007FB9A5108738h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 mov dword ptr fs:[00000000h], esp 0x00000059 sub dword ptr [ebp+122D1BF3h], eax 0x0000005f mov eax, dword ptr [ebp+122D0E3Dh] 0x00000065 or dword ptr [ebp+122D2B35h], ecx 0x0000006b add bl, FFFFFFF3h 0x0000006e push FFFFFFFFh 0x00000070 mov di, 2E28h 0x00000074 nop 0x00000075 push eax 0x00000076 push edx 0x00000077 jbe 00007FB9A510873Ch 0x0000007d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4025A0 second address: 4025A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4062A5 second address: 4062A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4062A9 second address: 406332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FB9A50C5498h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 jc 00007FB9A50C549Ch 0x00000029 mov dword ptr [ebp+122D3014h], ebx 0x0000002f jnp 00007FB9A50C549Ch 0x00000035 mov dword ptr [ebp+122D1BEEh], edx 0x0000003b push 00000000h 0x0000003d jmp 00007FB9A50C54A3h 0x00000042 pushad 0x00000043 jne 00007FB9A50C549Ch 0x00000049 mov ecx, 054141ABh 0x0000004e popad 0x0000004f push 00000000h 0x00000051 add bx, 1E6Ch 0x00000056 xchg eax, esi 0x00000057 jmp 00007FB9A50C549Fh 0x0000005c push eax 0x0000005d push ecx 0x0000005e pushad 0x0000005f jp 00007FB9A50C5496h 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4072D1 second address: 4072D6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 407366 second address: 40736A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 406460 second address: 406465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 406501 second address: 40650C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FB9A50C5496h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 409385 second address: 4093BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB9A5108744h 0x00000008 jc 00007FB9A5108736h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push edx 0x00000014 jnl 00007FB9A5108736h 0x0000001a pop edx 0x0000001b pushad 0x0000001c jmp 00007FB9A510873Dh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40744A second address: 407466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007FB9A50C549Fh 0x0000000c popad 0x0000000d push eax 0x0000000e push ebx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 403508 second address: 40351A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A510873Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 408515 second address: 40851B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40851B second address: 408525 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9A510873Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 408525 second address: 40853B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jo 00007FB9A50C5496h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40952A second address: 4095BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FB9A5108738h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov edi, dword ptr [ebp+122D2C9Ch] 0x00000029 push dword ptr fs:[00000000h] 0x00000030 jp 00007FB9A510873Ch 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d movsx edi, bx 0x00000040 mov eax, dword ptr [ebp+122D13ADh] 0x00000046 push 00000000h 0x00000048 push edx 0x00000049 call 00007FB9A5108738h 0x0000004e pop edx 0x0000004f mov dword ptr [esp+04h], edx 0x00000053 add dword ptr [esp+04h], 00000018h 0x0000005b inc edx 0x0000005c push edx 0x0000005d ret 0x0000005e pop edx 0x0000005f ret 0x00000060 push FFFFFFFFh 0x00000062 pushad 0x00000063 sub di, 53CFh 0x00000068 and ecx, dword ptr [ebp+122D18CDh] 0x0000006e popad 0x0000006f push eax 0x00000070 push eax 0x00000071 push edx 0x00000072 jg 00007FB9A5108738h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4095BA second address: 4095BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40A533 second address: 40A548 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FB9A510873Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40A548 second address: 40A54C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 40C5D9 second address: 40C5F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9A5108744h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 41510D second address: 415125 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FB9A50C54A2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 415125 second address: 415129 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3B28A7 second address: 3B28DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FB9A50C54A3h 0x0000000b jmp 00007FB9A50C549Dh 0x00000010 js 00007FB9A50C549Ch 0x00000016 jl 00007FB9A50C5496h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FB9A50C54A0h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4187C5 second address: 4187C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4180EF second address: 418113 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FB9A50C549Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 418244 second address: 418248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F0C82 second address: 3F0C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421112 second address: 42113E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A510873Ah 0x00000007 jmp 00007FB9A5108741h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jnc 00007FB9A5108738h 0x00000014 popad 0x00000015 pushad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42113E second address: 42114F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnp 00007FB9A50C5496h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42114F second address: 421153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421767 second address: 42176D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42176D second address: 421771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421771 second address: 421782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FB9A50C5496h 0x00000009 ja 00007FB9A50C5496h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42189E second address: 4218A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4218A2 second address: 4218AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4218AC second address: 4218B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4218B2 second address: 4218B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421A4C second address: 421A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421A52 second address: 421A56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421EA5 second address: 421EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 421EAE second address: 421EC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FB9A50C54A0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42200A second address: 422016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FB9A510873Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 422016 second address: 42201A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42201A second address: 42204F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FB9A510873Dh 0x00000014 jno 00007FB9A5108736h 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007FB9A5108740h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4221F7 second address: 42220A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C549Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42235E second address: 42236A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FB9A5108736h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 424E97 second address: 424EC9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C549Dh 0x00000007 jmp 00007FB9A50C549Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007FB9A50C54A1h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4290FF second address: 429109 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB9A5108736h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 429109 second address: 429114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 429114 second address: 42911F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42911F second address: 42914A instructions: 0x00000000 rdtsc 0x00000002 jns 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FB9A50C549Bh 0x00000011 jmp 00007FB9A50C54A4h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42946D second address: 429473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 42B9A4 second address: 42B9BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FB9A50C5496h 0x00000009 jmp 00007FB9A50C549Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ABD5F second address: 3ABD63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ABD63 second address: 3ABD67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 431AF4 second address: 431AF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 431AF9 second address: 431AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 431DD4 second address: 431DDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 431DDD second address: 431DE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 431DE3 second address: 431E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FB9A5108742h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 431E00 second address: 431E2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnp 00007FB9A50C54ABh 0x0000000d jmp 00007FB9A50C54A3h 0x00000012 pushad 0x00000013 popad 0x00000014 jnp 00007FB9A50C549Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 432633 second address: 432670 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A510873Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jng 00007FB9A5108763h 0x0000000f jmp 00007FB9A5108743h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FB9A5108742h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED622 second address: 3ED628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED628 second address: 3ED62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED62C second address: 3ED691 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edx, 30666FFBh 0x00000012 lea eax, dword ptr [ebp+12479373h] 0x00000018 push 00000000h 0x0000001a push ebp 0x0000001b call 00007FB9A50C5498h 0x00000020 pop ebp 0x00000021 mov dword ptr [esp+04h], ebp 0x00000025 add dword ptr [esp+04h], 0000001Bh 0x0000002d inc ebp 0x0000002e push ebp 0x0000002f ret 0x00000030 pop ebp 0x00000031 ret 0x00000032 call 00007FB9A50C549Fh 0x00000037 and cl, FFFFFF8Dh 0x0000003a pop ecx 0x0000003b nop 0x0000003c jmp 00007FB9A50C549Fh 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push edi 0x00000045 pushad 0x00000046 popad 0x00000047 pop edi 0x00000048 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED691 second address: 3ED696 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED696 second address: 3D4A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FB9A50C5498h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 call dword ptr [ebp+1244CB9Dh] 0x0000002a push edx 0x0000002b pushad 0x0000002c pushad 0x0000002d popad 0x0000002e jmp 00007FB9A50C549Eh 0x00000033 push eax 0x00000034 pop eax 0x00000035 popad 0x00000036 push eax 0x00000037 push edx 0x00000038 push edx 0x00000039 pop edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED73F second address: 3ED743 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED743 second address: 3ED747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED747 second address: 3ED74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3ED74D second address: 3ED76B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C549Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007FB9A50C5498h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EDB54 second address: 3EDB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EDB58 second address: 3EDB62 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EDDC4 second address: 3EDDC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EDDC8 second address: 3EDE25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C549Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], esi 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007FB9A50C5498h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 mov edx, dword ptr [ebp+122D281Eh] 0x0000002d jmp 00007FB9A50C54A7h 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 jne 00007FB9A50C5498h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EDE25 second address: 3EDE38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FB9A510873Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE82A second address: 3EE843 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FB9A50C54A5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE843 second address: 3EE851 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE851 second address: 3EE858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE858 second address: 3EE8C6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007FB9A5108738h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 cmc 0x00000024 lea eax, dword ptr [ebp+124793B7h] 0x0000002a push 00000000h 0x0000002c push ebx 0x0000002d call 00007FB9A5108738h 0x00000032 pop ebx 0x00000033 mov dword ptr [esp+04h], ebx 0x00000037 add dword ptr [esp+04h], 00000014h 0x0000003f inc ebx 0x00000040 push ebx 0x00000041 ret 0x00000042 pop ebx 0x00000043 ret 0x00000044 or di, 4E61h 0x00000049 push eax 0x0000004a pushad 0x0000004b jns 00007FB9A5108738h 0x00000051 pushad 0x00000052 popad 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FB9A5108744h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE8C6 second address: 3EE903 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007FB9A50C549Dh 0x00000012 lea eax, dword ptr [ebp+12479373h] 0x00000018 mov ecx, 74BA56F1h 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE903 second address: 3EE912 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A510873Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437641 second address: 437655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437655 second address: 437669 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FB9A510873Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437669 second address: 437691 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A8h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FB9A50C549Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437691 second address: 437695 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437695 second address: 4376C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007FB9A50C549Dh 0x00000010 jnl 00007FB9A50C5496h 0x00000016 jmp 00007FB9A50C549Ah 0x0000001b ja 00007FB9A50C5496h 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437824 second address: 43782A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 43782A second address: 43782F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 43782F second address: 43783F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FB9A5108736h 0x0000000a jg 00007FB9A5108736h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437990 second address: 437994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437C4F second address: 437C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437DFD second address: 437E4D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB9A50C549Ah 0x0000000f jmp 00007FB9A50C54A7h 0x00000014 popad 0x00000015 jo 00007FB9A50C54D6h 0x0000001b push eax 0x0000001c push edx 0x0000001d jl 00007FB9A50C5496h 0x00000023 jmp 00007FB9A50C54A6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437E4D second address: 437E51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 437E51 second address: 437E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 43D9F8 second address: 43DA1F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FB9A5108736h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FB9A510873Eh 0x00000014 jmp 00007FB9A510873Bh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 43DA1F second address: 43DA33 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9A50C549Ch 0x00000008 jl 00007FB9A50C5496h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 43D598 second address: 43D5D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A5108743h 0x00000007 jmp 00007FB9A5108744h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jng 00007FB9A5108736h 0x00000016 jg 00007FB9A5108736h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 43D5D3 second address: 43D5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jng 00007FB9A50C5496h 0x0000000e jns 00007FB9A50C5496h 0x00000014 popad 0x00000015 push eax 0x00000016 jnl 00007FB9A50C5496h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4408EE second address: 4408F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4408F2 second address: 44091E instructions: 0x00000000 rdtsc 0x00000002 jo 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB9A50C54A7h 0x0000000f pushad 0x00000010 jo 00007FB9A50C5496h 0x00000016 push edx 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4402F9 second address: 440321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jl 00007FB9A5108736h 0x0000000c popad 0x0000000d push ecx 0x0000000e jnp 00007FB9A5108736h 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB9A5108741h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 440321 second address: 440342 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jc 00007FB9A50C5496h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FB9A50C549Eh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4404AE second address: 4404CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007FB9A5108741h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44061C second address: 440637 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 440637 second address: 440640 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 442C73 second address: 442C7E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44697B second address: 446987 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 446AED second address: 446AF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FB9A50C5496h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 446F14 second address: 446F1E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FB9A5108736h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 446F1E second address: 446F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44A545 second address: 44A552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FB9A510873Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 449C2C second address: 449C45 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FB9A50C549Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44A24A second address: 44A25F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A5108741h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44E410 second address: 44E416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44E416 second address: 44E41A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44E5A1 second address: 44E5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44E5A5 second address: 44E5AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE31D second address: 3EE321 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3EE321 second address: 3EE327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 44F744 second address: 44F74E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB9A50C54A2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4567DE second address: 4567E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4567E4 second address: 4567E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4567E9 second address: 456811 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FB9A510873Ch 0x00000008 jg 00007FB9A5108736h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FB9A5108743h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 456811 second address: 45681A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45681A second address: 456820 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 456820 second address: 456826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 456826 second address: 45682A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45682A second address: 45684A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FB9A50C5496h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FB9A50C54A2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4573F5 second address: 457408 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FB9A5108736h 0x00000008 jng 00007FB9A5108736h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 457408 second address: 45740E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 457C64 second address: 457CB8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB9A5108736h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FB9A5108749h 0x00000011 jmp 00007FB9A510873Dh 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FB9A5108740h 0x0000001f jmp 00007FB9A510873Eh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45BF0A second address: 45BF2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A9h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45BF2D second address: 45BF37 instructions: 0x00000000 rdtsc 0x00000002 je 00007FB9A5108736h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C2D5 second address: 45C2E1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FB9A50C5496h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C2E1 second address: 45C302 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007FB9A5108736h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FB9A5108741h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C302 second address: 45C30B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C30B second address: 45C30F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C30F second address: 45C315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C446 second address: 45C45A instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB9A5108736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007FB9A5108736h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 45C45A second address: 45C464 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 469339 second address: 46933D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 46933D second address: 46934C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 46934C second address: 469356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 467532 second address: 46753C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FB9A50C5496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 46768D second address: 467691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 467BF6 second address: 467C13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FB9A50C54A1h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 467C13 second address: 467C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 467C17 second address: 467C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4681A8 second address: 4681EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jne 00007FB9A5108743h 0x0000000b jmp 00007FB9A510873Dh 0x00000010 jmp 00007FB9A5108741h 0x00000015 popad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FB9A5108743h 0x0000001e jp 00007FB9A5108736h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4681EE second address: 4681F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4681F2 second address: 4681F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4681F8 second address: 468201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 46DD8D second address: 46DDAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FB9A5108736h 0x0000000a pop ebx 0x0000000b jl 00007FB9A5108738h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 jnp 00007FB9A510875Eh 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 46DDAA second address: 46DDB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 46DDB0 second address: 46DDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470C7E second address: 470C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FB9A50C54A4h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470C9C second address: 470CB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A510873Dh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470CB0 second address: 470CCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FB9A50C54A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470CCD second address: 470CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007FB9A5108749h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470CF2 second address: 470D08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470D08 second address: 470D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jp 00007FB9A5108736h 0x0000000d jmp 00007FB9A510873Bh 0x00000012 jmp 00007FB9A5108748h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jns 00007FB9A5108736h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 470D41 second address: 470D47 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 47C705 second address: 47C714 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 47C2EC second address: 47C2F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 47FB05 second address: 47FB22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FB9A5108736h 0x0000000a popad 0x0000000b jmp 00007FB9A510873Ah 0x00000010 jnl 00007FB9A510873Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 48DAE9 second address: 48DAEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 48D948 second address: 48D983 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A5108741h 0x00000009 jmp 00007FB9A5108740h 0x0000000e jmp 00007FB9A510873Fh 0x00000013 popad 0x00000014 pop esi 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 48D983 second address: 48D98D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 48D98D second address: 48D997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FB9A5108736h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4908F1 second address: 4908F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4977BC second address: 4977C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FB9A5108736h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4977C7 second address: 4977F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C549Eh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d je 00007FB9A50C549Ch 0x00000013 jng 00007FB9A50C5496h 0x00000019 jng 00007FB9A50C549Ch 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 49669A second address: 49669E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 49669E second address: 4966C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FB9A50C54A4h 0x0000000e pop ebx 0x0000000f popad 0x00000010 jnp 00007FB9A50C54C1h 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 496938 second address: 496963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A5108747h 0x00000007 jp 00007FB9A5108736h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007FB9A5108736h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 496963 second address: 496967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 496AB8 second address: 496ABC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 496ABC second address: 496AD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FB9A50C54A2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4974C8 second address: 4974D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4974D1 second address: 4974DF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4974DF second address: 4974E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 498F37 second address: 498F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 jno 00007FB9A50C5496h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 498F45 second address: 498F5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A5108744h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 49B7F8 second address: 49B803 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 49B803 second address: 49B825 instructions: 0x00000000 rdtsc 0x00000002 js 00007FB9A5108736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FB9A5108744h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4AD715 second address: 4AD71E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4AD71E second address: 4AD724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4A7830 second address: 4A7835 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4B975C second address: 4B9760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4B9760 second address: 4B9770 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FB9A50C5496h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4B9770 second address: 4B9776 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4BC726 second address: 4BC72A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4BC72A second address: 4BC72E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CEC74 second address: 4CEC79 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CEE08 second address: 4CEE2A instructions: 0x00000000 rdtsc 0x00000002 jne 00007FB9A5108736h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FB9A5108740h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CEE2A second address: 4CEE40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FB9A50C549Dh 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CEE40 second address: 4CEE4C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 je 00007FB9A5108736h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CF4DA second address: 4CF4F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CF4F6 second address: 4CF500 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FB9A510873Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CF67B second address: 4CF67F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4CF67F second address: 4CF685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D1532 second address: 4D1549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A2h 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D1549 second address: 4D154F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D154F second address: 4D1568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FB9A50C54A5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D1568 second address: 4D156C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D3E51 second address: 4D3E78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C54A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FB9A50C5496h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D3E78 second address: 4D3E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D40E5 second address: 4D40F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FB9A50C549Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D40F2 second address: 4D4123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000004h 0x0000000a mov dword ptr [ebp+122D2C7Bh], eax 0x00000010 call 00007FB9A5108739h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FB9A5108746h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D4123 second address: 4D416E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jnp 00007FB9A50C5496h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FB9A50C54A0h 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007FB9A50C54A2h 0x00000020 jmp 00007FB9A50C54A2h 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D416E second address: 4D4181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FB9A5108736h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D43BF second address: 4D43C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D5C2E second address: 4D5C55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jp 00007FB9A5108736h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FB9A5108742h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 4D5C55 second address: 4D5C59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F17FF second address: 3F1803 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F1803 second address: 3F1819 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A50C549Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F1819 second address: 3F1832 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FB9A5108741h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F1832 second address: 3F1836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe RDTSC instruction interceptor: First address: 3F1BA2 second address: 3F1BA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Special instruction interceptor: First address: 247867 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Special instruction interceptor: First address: 3E264C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Special instruction interceptor: First address: 40C647 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Special instruction interceptor: First address: 3ED7C8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Special instruction interceptor: First address: 2477A4 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Special instruction interceptor: First address: 47265C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0024A92F rdtsc 0_2_0024A92F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe TID: 7256 Thread sleep time: -120000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe TID: 7256 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: 9pyUjy2elE.exe, 9pyUjy2elE.exe, 00000000.00000002.1363124826.00000000003C7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 9pyUjy2elE.exe, 00000000.00000003.1326718158.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW'qW
Source: 9pyUjy2elE.exe, 00000000.00000003.1326718158.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1351824976.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1362862160.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363637912.0000000001587000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000003.1326494966.00000000015DD000.00000004.00000020.00020000.00000000.sdmp, 9pyUjy2elE.exe, 00000000.00000002.1363823898.00000000015DD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 9pyUjy2elE.exe, 00000000.00000002.1363124826.00000000003C7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\9pyUjy2elE.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging

barindex
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\9pyUjy2elE.exe File opened: NTICE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe File opened: SICE
Source: C:\Users\user\Desktop\9pyUjy2elE.exe File opened: SIWVID
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0024A92F rdtsc 0_2_0024A92F
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Code function: 0_2_0022C1F0 LdrInitializeThunk, 0_2_0022C1F0

HIPS / PFW / Operating System Protection Evasion

barindex
Source: 9pyUjy2elE.exe String found in binary or memory: rapeflowwj.lat
Source: 9pyUjy2elE.exe String found in binary or memory: crosshuaht.lat
Source: 9pyUjy2elE.exe String found in binary or memory: sustainskelet.lat
Source: 9pyUjy2elE.exe String found in binary or memory: aspecteirs.lat
Source: 9pyUjy2elE.exe String found in binary or memory: energyaffai.lat
Source: 9pyUjy2elE.exe String found in binary or memory: necklacebudi.lat
Source: 9pyUjy2elE.exe String found in binary or memory: discokeyus.lat
Source: 9pyUjy2elE.exe String found in binary or memory: grannyejh.lat
Source: 9pyUjy2elE.exe String found in binary or memory: sweepyribs.lat
Source: 9pyUjy2elE.exe, 9pyUjy2elE.exe, 00000000.00000002.1363124826.00000000003C7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: I=&5Program Manager
Source: 9pyUjy2elE.exe, 00000000.00000002.1363124826.00000000003C7000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: oI=&5Program Manager
Source: C:\Users\user\Desktop\9pyUjy2elE.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

barindex
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

barindex
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs