Windows Analysis Report
xxLuwS60RS.exe

Overview

General Information

Sample name: xxLuwS60RS.exe
renamed because original name is a hash value
Original sample name: 2cadc9fdc1b98560776cb3750bbc52ad.exe
Analysis ID: 1579687
MD5: 2cadc9fdc1b98560776cb3750bbc52ad
SHA1: 15c1d08b1555e3f1f54cf95cf7333150c29879c2
SHA256: 4c118f4af126877304c23b32bc0b0fb83956ac0d3842a047dd6f9264473fa309
Tags: exeuser-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Lumma Stealer, LummaC2 Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

barindex
Source: xxLuwS60RS.exe Avira: detected
Source: xxLuwS60RS.exe.360.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["necklacebudi.lat", "grannyejh.lat", "energyaffai.lat", "rapeflowwj.lat", "aspecteirs.lat", "sweepyribs.lat", "crosshuaht.lat", "sustainskelet.lat", "discokeyus.lat"], "Build id": "PsFKDg--pablo"}
Source: xxLuwS60RS.exe ReversingLabs: Detection: 60%
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: xxLuwS60RS.exe Joe Sandbox ML: detected
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: rapeflowwj.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: crosshuaht.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: sustainskelet.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: aspecteirs.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: energyaffai.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: necklacebudi.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: discokeyus.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: grannyejh.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: sweepyribs.lat
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000000.00000003.2093985095.0000000004820000.00000004.00001000.00020000.00000000.sdmp String decryptor: PsFKDg--pablo
Source: xxLuwS60RS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then lea edx, dword ptr [ecx+01h] 0_2_0005B70C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h] 0_2_0008C767
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then push C0BFD6CCh 0_2_00073086
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then push C0BFD6CCh 0_2_00073086
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then add ebp, dword ptr [esp+0Ch] 0_2_0007B170
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebx, esi 0_2_00072190
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [ebx], cx 0_2_00072190
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h 0_2_00072190
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h 0_2_0008B1D0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebx, eax 0_2_0008B1D0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_000791DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ecx, dword ptr [ebp-20h] 0_2_000791DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh] 0_2_00065220
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh] 0_2_00066263
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [ebx], ax 0_2_0006B2E0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax] 0_2_0008F330
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh] 0_2_00067380
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h 0_2_0006D380
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh] 0_2_00067380
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_00085450
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [ecx], dx 0_2_000791DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ecx, dword ptr [ebp-20h] 0_2_000791DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] 0_2_000574F0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] 0_2_000574F0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ecx, eax 0_2_00059580
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [ebp+00h], ax 0_2_00059580
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then jmp dword ptr [0009450Ch] 0_2_00068591
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then xor edi, edi 0_2_0006759F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h 0_2_000885E0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then jmp eax 0_2_000885E0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov eax, dword ptr [0009473Ch] 0_2_0006C653
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_0007A700
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov esi, eax 0_2_00065799
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ecx, eax 0_2_00065799
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx eax, word ptr [edx] 0_2_000697C2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [edi], dx 0_2_000697C2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_000697C2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h] 0_2_0006E7C0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov edx, ecx 0_2_00088810
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh 0_2_00088810
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh 0_2_00088810
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then test eax, eax 0_2_00088810
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_0006682D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h] 0_2_0006682D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h] 0_2_0006682D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [ecx], bp 0_2_0006D83A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then jmp eax 0_2_0007984F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh] 0_2_00073860
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebx, eax 0_2_00055990
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebp, eax 0_2_00055990
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov eax, dword ptr [esp+00000080h] 0_2_000679C1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0007CA49
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_0007DA53
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then push ebx 0_2_0008CA93
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then push esi 0_2_00077AD3
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0007CAD0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0007CB11
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_0007CB22
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_0006CB40
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_0006CB40
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00078B61
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then cmp al, 2Eh 0_2_00076B95
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebx, eax 0_2_0005DBD9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ebx, eax 0_2_0005DBD9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then push 00000000h 0_2_00079C2B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h] 0_2_0008ECA0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov eax, dword ptr [ebp-68h] 0_2_00078D93
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h] 0_2_00067DEE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then jmp dword ptr [000955F4h] 0_2_00075E30
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov edx, ebp 0_2_00075E70
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ecx, eax 0_2_0008AEC0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_0006BF14
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h] 0_2_00069F30
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then xor byte ptr [esp+eax+17h], al 0_2_00058F50
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov byte ptr [edi], bl 0_2_00058F50
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h] 0_2_0008EFB0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then mov ecx, ebx 0_2_0007DFE9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 4x nop then jmp ecx 0_2_0005BFFD

Networking

barindex
Source: Network traffic Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.5:63732 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.5:49530 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.5:51592 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.5:54733 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.5:54727 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.5:61157 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.5:65288 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.5:55293 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.5:51192 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49705 -> 172.67.157.254:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 172.67.157.254:443
Source: Malware configuration extractor URLs: necklacebudi.lat
Source: Malware configuration extractor URLs: grannyejh.lat
Source: Malware configuration extractor URLs: energyaffai.lat
Source: Malware configuration extractor URLs: rapeflowwj.lat
Source: Malware configuration extractor URLs: aspecteirs.lat
Source: Malware configuration extractor URLs: sweepyribs.lat
Source: Malware configuration extractor URLs: crosshuaht.lat
Source: Malware configuration extractor URLs: sustainskelet.lat
Source: Malware configuration extractor URLs: discokeyus.lat
Source: Joe Sandbox View IP Address: 172.67.157.254 172.67.157.254
Source: Joe Sandbox View IP Address: 23.55.153.106 23.55.153.106
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 172.67.157.254:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 23.55.153.106:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 172.67.157.254:443
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ httG equals www.youtube.com (Youtube)
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=50892755ecab8f36e515b612; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35121Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 23 Dec 2024 06:36:11 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control$" equals www.youtube.com (Youtube)
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: lev-tolstoi.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
Source: xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.cM
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunit
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://checkout.steampowered.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000B93000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://discokeyus.lat/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000B93000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166567531.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/
Source: xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/2
Source: xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/R
Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175745989.0000000000BE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/api
Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/apiHv
Source: xxLuwS60RS.exe, 00000000.00000002.2176810726.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lev-tolstoi.com/apie
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BC3000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: xxLuwS60RS.exe, 00000000.00000002.2176857843.0000000000C35000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2166615935.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C1C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000BC2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: xxLuwS60RS.exe, 00000000.00000003.2166377880.0000000000C2C000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2145010991.0000000000C23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: xxLuwS60RS.exe, 00000000.00000003.2145046788.0000000000C05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.157.254:443 -> 192.168.2.5:49705 version: TLS 1.2

System Summary

barindex
Source: xxLuwS60RS.exe Static PE information: section name:
Source: xxLuwS60RS.exe Static PE information: section name: .idata
Source: xxLuwS60RS.exe Static PE information: section name:
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00058850 0_2_00058850
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0005ACF0 0_2_0005ACF0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B200C 0_2_000B200C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 0_2_0020D031
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C4028 0_2_000C4028
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B602D 0_2_000B602D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E9024 0_2_000E9024
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E8025 0_2_000E8025
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B5030 0_2_000B5030
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0018C059 0_2_0018C059
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F604B 0_2_000F604B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F006D 0_2_000F006D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FF068 0_2_000FF068
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F8063 0_2_000F8063
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FB07B 0_2_000FB07B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00217059 0_2_00217059
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CD0ED 0_2_000CD0ED
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BA0EE 0_2_000BA0EE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DC0F7 0_2_000DC0F7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CC12F 0_2_000CC12F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D9124 0_2_000D9124
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D4121 0_2_000D4121
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00282105 0_2_00282105
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EA133 0_2_000EA133
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F214E 0_2_000F214E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CE168 0_2_000CE168
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00212144 0_2_00212144
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C8181 0_2_000C8181
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D7183 0_2_000D7183
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00072190 0_2_00072190
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C01A6 0_2_000C01A6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0021C195 0_2_0021C195
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000591B0 0_2_000591B0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000731C2 0_2_000731C2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000741C0 0_2_000741C0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008B1D0 0_2_0008B1D0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000791DD 0_2_000791DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BE1E8 0_2_000BE1E8
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FE1FB 0_2_000FE1FB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F31FA 0_2_000F31FA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BC1F1 0_2_000BC1F1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FB1F3 0_2_000FB1F3
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C620C 0_2_000C620C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00145215 0_2_00145215
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B7203 0_2_000B7203
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00065220 0_2_00065220
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E424F 0_2_000E424F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E624F 0_2_000E624F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00066263 0_2_00066263
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F7260 0_2_000F7260
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00056280 0_2_00056280
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E529D 0_2_000E529D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006E290 0_2_0006E290
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F42A2 0_2_000F42A2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BD2B9 0_2_000BD2B9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F12BA 0_2_000F12BA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000752DD 0_2_000752DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006B2E0 0_2_0006B2E0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EC2E9 0_2_000EC2E9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EE2FC 0_2_000EE2FC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E32F2 0_2_000E32F2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007830D 0_2_0007830D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00075327 0_2_00075327
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00054320 0_2_00054320
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EF326 0_2_000EF326
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F3325 0_2_000F3325
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00058330 0_2_00058330
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FE1FB 0_2_000FE1FB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008F330 0_2_0008F330
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007A33F 0_2_0007A33F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008D34D 0_2_0008D34D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E7349 0_2_000E7349
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FD376 0_2_000FD376
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C938E 0_2_000C938E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00074380 0_2_00074380
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B2393 0_2_000B2393
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B53AE 0_2_000B53AE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C53D1 0_2_000C53D1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D23D2 0_2_000D23D2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000ED3E2 0_2_000ED3E2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FF3F9 0_2_000FF3F9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C740B 0_2_000C740B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DA40A 0_2_000DA40A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CA415 0_2_000CA415
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DD43F 0_2_000DD43F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F5436 0_2_000F5436
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E948A 0_2_000E948A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006148F 0_2_0006148F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F2496 0_2_000F2496
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DC4B2 0_2_000DC4B2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000791DD 0_2_000791DD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E44D9 0_2_000E44D9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000574F0 0_2_000574F0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F94F7 0_2_000F94F7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00087500 0_2_00087500
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EA502 0_2_000EA502
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00072510 0_2_00072510
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CF514 0_2_000CF514
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F0513 0_2_000F0513
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CC532 0_2_000CC532
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FF54E 0_2_000FF54E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D355F 0_2_000D355F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020B542 0_2_0020B542
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D2563 0_2_000D2563
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00059580 0_2_00059580
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006759F 0_2_0006759F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D9594 0_2_000D9594
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C45CB 0_2_000C45CB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B75EB 0_2_000B75EB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00077603 0_2_00077603
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E6614 0_2_000E6614
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F7625 0_2_000F7625
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F4621 0_2_000F4621
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D0630 0_2_000D0630
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BF666 0_2_000BF666
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C0678 0_2_000C0678
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0011E666 0_2_0011E666
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B06AC 0_2_000B06AC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DF6BA 0_2_000DF6BA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000786C0 0_2_000786C0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000766D0 0_2_000766D0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BD6D3 0_2_000BD6D3
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B36D6 0_2_000B36D6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000736E2 0_2_000736E2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CD6F4 0_2_000CD6F4
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0021A72A 0_2_0021A72A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00056710 0_2_00056710
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D372F 0_2_000D372F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008F720 0_2_0008F720
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F2735 0_2_000F2735
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C775C 0_2_000C775C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EF75B 0_2_000EF75B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E3754 0_2_000E3754
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F8752 0_2_000F8752
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DE78F 0_2_000DE78F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0005A780 0_2_0005A780
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D179E 0_2_000D179E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00068792 0_2_00068792
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000ED79B 0_2_000ED79B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FA794 0_2_000FA794
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00065799 0_2_00065799
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DC7AE 0_2_000DC7AE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B67BA 0_2_000B67BA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FD7BD 0_2_000FD7BD
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DD7BE 0_2_000DD7BE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000697C2 0_2_000697C2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006E7C0 0_2_0006E7C0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E47EA 0_2_000E47EA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E57E8 0_2_000E57E8
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DB81D 0_2_000DB81D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00088810 0_2_00088810
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006682D 0_2_0006682D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BA83D 0_2_000BA83D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B084B 0_2_000B084B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C186F 0_2_000C186F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00073860 0_2_00073860
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008D880 0_2_0008D880
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C0885 0_2_000C0885
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D0895 0_2_000D0895
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CF890 0_2_000CF890
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CA8AE 0_2_000CA8AE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000718A0 0_2_000718A0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EB8BC 0_2_000EB8BC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000788CB 0_2_000788CB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D28DF 0_2_000D28DF
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E18EB 0_2_000E18EB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B9908 0_2_000B9908
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CE926 0_2_000CE926
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D8921 0_2_000D8921
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00070939 0_2_00070939
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00080940 0_2_00080940
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020994B 0_2_0020994B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00053970 0_2_00053970
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F898D 0_2_000F898D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008D980 0_2_0008D980
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_002519B7 0_2_002519B7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FF99C 0_2_000FF99C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00055990 0_2_00055990
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BF9A2 0_2_000BF9A2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C09BE 0_2_000C09BE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EE9CC 0_2_000EE9CC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000679C1 0_2_000679C1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EF9DE 0_2_000EF9DE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EA9DF 0_2_000EA9DF
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FC9DC 0_2_000FC9DC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_002049CC 0_2_002049CC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CB9E1 0_2_000CB9E1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EB9FA 0_2_000EB9FA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F49F2 0_2_000F49F2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00210A2E 0_2_00210A2E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FAA1B 0_2_000FAA1B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000AFA15 0_2_000AFA15
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B7A3E 0_2_000B7A3E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D5A37 0_2_000D5A37
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007CA49 0_2_0007CA49
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C8A42 0_2_000C8A42
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007DA53 0_2_0007DA53
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008DA80 0_2_0008DA80
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D9AAB 0_2_000D9AAB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C2AA6 0_2_000C2AA6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B8AC0 0_2_000B8AC0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007CAD0 0_2_0007CAD0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FDAD8 0_2_000FDAD8
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BDAD5 0_2_000BDAD5
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00218ACC 0_2_00218ACC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00086B08 0_2_00086B08
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EEB0A 0_2_000EEB0A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DEB1C 0_2_000DEB1C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007CB11 0_2_0007CB11
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B1B10 0_2_000B1B10
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007CB22 0_2_0007CB22
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DCB3A 0_2_000DCB3A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006CB40 0_2_0006CB40
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00213B6B 0_2_00213B6B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00076B50 0_2_00076B50
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008DB60 0_2_0008DB60
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000AFB66 0_2_000AFB66
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E4B63 0_2_000E4B63
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DFB84 0_2_000DFB84
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C4B97 0_2_000C4B97
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000ECB91 0_2_000ECB91
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D3BA7 0_2_000D3BA7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00105BA6 0_2_00105BA6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F3BB5 0_2_000F3BB5
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B0BB4 0_2_000B0BB4
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0005EBC3 0_2_0005EBC3
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0005DBD9 0_2_0005DBD9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CDBEA 0_2_000CDBEA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EFBF6 0_2_000EFBF6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006DC00 0_2_0006DC00
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E8C04 0_2_000E8C04
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E5C17 0_2_000E5C17
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DBC11 0_2_000DBC11
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B3C2A 0_2_000B3C2A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00079C2B 0_2_00079C2B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CCC4C 0_2_000CCC4C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F5C4C 0_2_000F5C4C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D1C58 0_2_000D1C58
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C7C6E 0_2_000C7C6E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B5C6F 0_2_000B5C6F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00054C60 0_2_00054C60
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006FC75 0_2_0006FC75
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C3C88 0_2_000C3C88
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D8C8B 0_2_000D8C8B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BAC9B 0_2_000BAC9B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007AC90 0_2_0007AC90
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_002AAC8B 0_2_002AAC8B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008ECA0 0_2_0008ECA0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CBCA7 0_2_000CBCA7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DDCBC 0_2_000DDCBC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CFCC4 0_2_000CFCC4
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C5CC6 0_2_000C5CC6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F0CC2 0_2_000F0CC2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DCCDA 0_2_000DCCDA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E7CEF 0_2_000E7CEF
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F8CE2 0_2_000F8CE2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D4CFA 0_2_000D4CFA
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0021DCD9 0_2_0021DCD9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000EDCF6 0_2_000EDCF6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DAD1E 0_2_000DAD1E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CED28 0_2_000CED28
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D3D27 0_2_000D3D27
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0005CD46 0_2_0005CD46
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D2D51 0_2_000D2D51
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000DFD52 0_2_000DFD52
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BFD63 0_2_000BFD63
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D6DDB 0_2_000D6DDB
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F2DD1 0_2_000F2DD1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00067DEE 0_2_00067DEE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00087DF0 0_2_00087DF0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FDE09 0_2_000FDE09
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C1E2C 0_2_000C1E2C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F6E29 0_2_000F6E29
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00075E30 0_2_00075E30
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B0E4C 0_2_000B0E4C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BBE5F 0_2_000BBE5F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E0E5B 0_2_000E0E5B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BEE65 0_2_000BEE65
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00075E70 0_2_00075E70
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00086E74 0_2_00086E74
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B6E88 0_2_000B6E88
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0006DE80 0_2_0006DE80
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C8EB5 0_2_000C8EB5
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008AEC0 0_2_0008AEC0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00055EE0 0_2_00055EE0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E2EF0 0_2_000E2EF0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00120F19 0_2_00120F19
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C9F1B 0_2_000C9F1B
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D5F15 0_2_000D5F15
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00207F00 0_2_00207F00
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00073F20 0_2_00073F20
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FBF24 0_2_000FBF24
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D7F23 0_2_000D7F23
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00069F30 0_2_00069F30
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000E4F40 0_2_000E4F40
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00088F59 0_2_00088F59
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00052F50 0_2_00052F50
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00070F50 0_2_00070F50
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000FCF58 0_2_000FCF58
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C0F6D 0_2_000C0F6D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000BCF61 0_2_000BCF61
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000AFF79 0_2_000AFF79
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C4F8F 0_2_000C4F8F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000B8F8C 0_2_000B8F8C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000ECF83 0_2_000ECF83
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00061F90 0_2_00061F90
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000CCF96 0_2_000CCF96
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008EFB0 0_2_0008EFB0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D0FB2 0_2_000D0FB2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000F9FD8 0_2_000F9FD8
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0007DFE9 0_2_0007DFE9
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00162FEC 0_2_00162FEC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000D1FF7 0_2_000D1FF7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000C6FF7 0_2_000C6FF7
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: String function: 00058030 appears 44 times
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: String function: 00064400 appears 65 times
Source: xxLuwS60RS.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: xxLuwS60RS.exe Static PE information: Section: ZLIB complexity 0.9973311750856164
Source: xxLuwS60RS.exe Static PE information: Section: bgzhtrqq ZLIB complexity 0.9948828005870692
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@11/2
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_00080C70 CoCreateInstance, 0_2_00080C70
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: xxLuwS60RS.exe ReversingLabs: Detection: 60%
Source: xxLuwS60RS.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\xxLuwS60RS.exe File read: C:\Users\user\Desktop\xxLuwS60RS.exe Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: xxLuwS60RS.exe Static file information: File size 1843712 > 1048576
Source: xxLuwS60RS.exe Static PE information: Raw size of bgzhtrqq is bigger than: 0x100000 < 0x199e00

Data Obfuscation

barindex
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Unpacked PE file: 0.2.xxLuwS60RS.exe.50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bgzhtrqq:EW;xbodbsdh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bgzhtrqq:EW;xbodbsdh:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: xxLuwS60RS.exe Static PE information: real checksum: 0x1cb112 should be: 0x1cbb31
Source: xxLuwS60RS.exe Static PE information: section name:
Source: xxLuwS60RS.exe Static PE information: section name: .idata
Source: xxLuwS60RS.exe Static PE information: section name:
Source: xxLuwS60RS.exe Static PE information: section name: bgzhtrqq
Source: xxLuwS60RS.exe Static PE information: section name: xbodbsdh
Source: xxLuwS60RS.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000A8660 push 53A2F267h; mov dword ptr [esp], edx 0_2_000A8FEC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000A8660 push edx; mov dword ptr [esp], ebp 0_2_000A90E3
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000AC003 push 7E3E8221h; mov dword ptr [esp], esi 0_2_000AD15D
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push edi; mov dword ptr [esp], esp 0_2_0020D03A
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebx; mov dword ptr [esp], 7FDFD053h 0_2_0020D046
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ecx; mov dword ptr [esp], esi 0_2_0020D105
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push edi; mov dword ptr [esp], edx 0_2_0020D149
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebp; mov dword ptr [esp], eax 0_2_0020D172
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push 285C4AE0h; mov dword ptr [esp], esi 0_2_0020D17F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push esi; mov dword ptr [esp], 4FD1D1E5h 0_2_0020D206
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebx; mov dword ptr [esp], eax 0_2_0020D296
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push eax; mov dword ptr [esp], esi 0_2_0020D2A6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push edi; mov dword ptr [esp], edx 0_2_0020D369
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push edx; mov dword ptr [esp], eax 0_2_0020D3B4
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push edi; mov dword ptr [esp], 57D57727h 0_2_0020D489
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push 08F2E21Ah; mov dword ptr [esp], edx 0_2_0020D525
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ecx; mov dword ptr [esp], 04CB63B8h 0_2_0020D529
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push edi; mov dword ptr [esp], 62E24400h 0_2_0020D545
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ecx; mov dword ptr [esp], eax 0_2_0020D56C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ecx; mov dword ptr [esp], eax 0_2_0020D590
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push esi; mov dword ptr [esp], ebp 0_2_0020D5C1
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push eax; mov dword ptr [esp], 1E688F00h 0_2_0020D5E6
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebp; mov dword ptr [esp], 148F4BD8h 0_2_0020D66C
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push 75EE842Bh; mov dword ptr [esp], esi 0_2_0020D6F5
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push esi; mov dword ptr [esp], edx 0_2_0020D747
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebx; mov dword ptr [esp], edx 0_2_0020D76F
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push esi; mov dword ptr [esp], 7B1A590Bh 0_2_0020D780
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebx; mov dword ptr [esp], eax 0_2_0020D82E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push ebp; mov dword ptr [esp], edi 0_2_0020D8B0
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push 591CFDE5h; mov dword ptr [esp], edi 0_2_0020DA2E
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0020D031 push esi; mov dword ptr [esp], edx 0_2_0020DACA
Source: xxLuwS60RS.exe Static PE information: section name: entropy: 7.973868769187426
Source: xxLuwS60RS.exe Static PE information: section name: bgzhtrqq entropy: 7.953670694283733

Boot Survival

barindex
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior

Malware Analysis System Evasion

barindex
Source: C:\Users\user\Desktop\xxLuwS60RS.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 222E9A second address: 222EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B05h 0x00000009 pop esi 0x0000000a jmp 00007F6098E62AFCh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 211C92 second address: 211C98 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 221F09 second address: 221F22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B05h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2221F2 second address: 222206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F6098E966B6h 0x0000000a pop ecx 0x0000000b ja 00007F6098E966BEh 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 22260A second address: 22260E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 22260E second address: 222612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 222612 second address: 222618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 222761 second address: 222784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F6098E966BCh 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e jnc 00007F6098E966B6h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 222784 second address: 22279D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b jmp 00007F6098E62AFEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 22279D second address: 2227BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966C8h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224E66 second address: 224E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224E6A second address: A79F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 6B30001Eh 0x0000000d pushad 0x0000000e mov dword ptr [ebp+122D2957h], ebx 0x00000014 add dword ptr [ebp+122D1B7Dh], esi 0x0000001a popad 0x0000001b jne 00007F6098E966B7h 0x00000021 push dword ptr [ebp+122D0929h] 0x00000027 jmp 00007F6098E966C3h 0x0000002c or edi, dword ptr [ebp+122D37C3h] 0x00000032 call dword ptr [ebp+122D28F8h] 0x00000038 pushad 0x00000039 stc 0x0000003a jl 00007F6098E966C2h 0x00000040 xor eax, eax 0x00000042 jmp 00007F6098E966BEh 0x00000047 mov edx, dword ptr [esp+28h] 0x0000004b stc 0x0000004c mov dword ptr [ebp+122D36C3h], eax 0x00000052 mov dword ptr [ebp+122D191Dh], eax 0x00000058 mov esi, 0000003Ch 0x0000005d xor dword ptr [ebp+122D2334h], esi 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 clc 0x00000068 lodsw 0x0000006a mov dword ptr [ebp+122D34CCh], eax 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 jmp 00007F6098E966C3h 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d pushad 0x0000007e mov edx, dword ptr [ebp+122D36BBh] 0x00000084 pushad 0x00000085 jne 00007F6098E966B6h 0x0000008b sub dword ptr [ebp+122D2334h], ecx 0x00000091 popad 0x00000092 popad 0x00000093 push eax 0x00000094 jnl 00007F6098E966C0h 0x0000009a push eax 0x0000009b push edx 0x0000009c push esi 0x0000009d pop esi 0x0000009e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224EBE second address: 224F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 and esi, 2A9D9B1Dh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F6098E62AF8h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b call 00007F6098E62AF9h 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 jmp 00007F6098E62B04h 0x00000038 jno 00007F6098E62AF6h 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224F12 second address: 224F17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224F17 second address: 224F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jo 00007F6098E62AFEh 0x00000010 push ebx 0x00000011 ja 00007F6098E62AF6h 0x00000017 pop ebx 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c pushad 0x0000001d ja 00007F6098E62AFCh 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224F44 second address: 224F7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c jo 00007F6098E966C4h 0x00000012 jmp 00007F6098E966BEh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224F7D second address: 224F8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6098E62AFAh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 224F8F second address: 224F93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225140 second address: 225166 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6098E62AF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F6098E62B01h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push esi 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225166 second address: 225190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop esi 0x00000008 mov eax, dword ptr [eax] 0x0000000a push edi 0x0000000b jmp 00007F6098E966C4h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225190 second address: 22519A instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E62AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 22519A second address: 2251A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966BBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2251A9 second address: 2251E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov esi, ebx 0x0000000b lea ebx, dword ptr [ebp+12450DC5h] 0x00000011 add dword ptr [ebp+122D289Fh], eax 0x00000017 xchg eax, ebx 0x00000018 push esi 0x00000019 push eax 0x0000001a push esi 0x0000001b pop esi 0x0000001c pop eax 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F6098E62B08h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225235 second address: 225239 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225239 second address: 22523F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 22523F second address: 225267 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jnl 00007F6098E966B6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 mov dx, bx 0x00000014 push 00000000h 0x00000016 add dl, FFFFFF85h 0x00000019 push 3EE7B437h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007F6098E966B6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225267 second address: 225279 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62AFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 225279 second address: 225293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966C6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 237408 second address: 23740C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 218577 second address: 21857D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 21857D second address: 218581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 218581 second address: 218585 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 218585 second address: 2185A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F6098E62B08h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2185A9 second address: 2185EE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6098E966C2h 0x00000008 jmp 00007F6098E966C8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F6098E966C2h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2185EE second address: 2185F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2185F2 second address: 21860D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F6098E966BDh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 21860D second address: 218611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2457C2 second address: 2457DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F6098E966C0h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2457DD second address: 2457E2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 245AA4 second address: 245ACB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F6098E966D1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 245ACB second address: 245AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F6098E62AF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 245AD7 second address: 245ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 245ADB second address: 245ADF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 245C3E second address: 245C42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 245D6D second address: 245D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6098E62B01h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2460A7 second address: 2460E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BAh 0x00000007 jc 00007F6098E966B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnc 00007F6098E966B6h 0x00000016 jmp 00007F6098E966C5h 0x0000001b jmp 00007F6098E966BFh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2460E7 second address: 24611A instructions: 0x00000000 rdtsc 0x00000002 je 00007F6098E62B13h 0x00000008 jmp 00007F6098E62B07h 0x0000000d jbe 00007F6098E62AF6h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 jns 00007F6098E62B06h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e pop eax 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 24611A second address: 24611E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 24651E second address: 246522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 24713F second address: 247143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 247143 second address: 247147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2472B8 second address: 2472BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2472BD second address: 2472D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6098E62AF6h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2472D2 second address: 2472ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E966C5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2472ED second address: 2472F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2472F8 second address: 247309 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BDh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 249A03 second address: 249A3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007F6098E62B04h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F6098E62B04h 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 248434 second address: 248442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 21A18F second address: 21A1A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B06h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25148B second address: 25148F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25148F second address: 251493 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2519A8 second address: 2519B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2567C1 second address: 2567C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2567C5 second address: 2567C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2567C9 second address: 2567D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2567D3 second address: 2567D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2567D7 second address: 25680D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 7F6D9961h 0x0000000e add dword ptr [ebp+12451DB2h], eax 0x00000014 push F3F35BB8h 0x00000019 pushad 0x0000001a jo 00007F6098E62AF8h 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F6098E62B02h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25680D second address: 256811 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256CE8 second address: 256CEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256CEE second address: 256CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256CF2 second address: 256D1F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d ja 00007F6098E62AF6h 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007F6098E62B06h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256E4E second address: 256E54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256E54 second address: 256E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256E58 second address: 256E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256FD5 second address: 256FD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 256FD9 second address: 256FEB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25756C second address: 257570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 257570 second address: 2575A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6098E966BBh 0x00000008 jmp 00007F6098E966C4h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6098E966BCh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2575A4 second address: 2575AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F6098E62AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2575AE second address: 2575B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25777E second address: 257784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2579B1 second address: 2579C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 258EA1 second address: 258EA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25AF34 second address: 25AF3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25AF3A second address: 25AF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6098E62B01h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25AF58 second address: 25AF5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25BA22 second address: 25BA82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F6098E62AF8h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 xor di, 5D3Bh 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F6098E62AF8h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 cld 0x00000048 push eax 0x00000049 pushad 0x0000004a jbe 00007F6098E62AFCh 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25B80E second address: 25B813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25BA82 second address: 25BA8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25B813 second address: 25B82C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966C5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25D076 second address: 25D103 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6098E62AF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F6098E62AF8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 sbb di, C68Bh 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edx 0x00000031 call 00007F6098E62AF8h 0x00000036 pop edx 0x00000037 mov dword ptr [esp+04h], edx 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc edx 0x00000044 push edx 0x00000045 ret 0x00000046 pop edx 0x00000047 ret 0x00000048 push 00000000h 0x0000004a push 00000000h 0x0000004c push esi 0x0000004d call 00007F6098E62AF8h 0x00000052 pop esi 0x00000053 mov dword ptr [esp+04h], esi 0x00000057 add dword ptr [esp+04h], 00000014h 0x0000005f inc esi 0x00000060 push esi 0x00000061 ret 0x00000062 pop esi 0x00000063 ret 0x00000064 xchg eax, ebx 0x00000065 jmp 00007F6098E62B01h 0x0000006a push eax 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e push esi 0x0000006f pop esi 0x00000070 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 210222 second address: 21022C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6098E966BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 21BCBA second address: 21BCDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6098E62B07h 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25D850 second address: 25D854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25D854 second address: 25D859 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25E3C7 second address: 25E3D5 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25D859 second address: 25D879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F6098E62B06h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2643D8 second address: 2643E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25E3D5 second address: 25E3D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26530C second address: 2653A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 nop 0x00000007 jmp 00007F6098E966BFh 0x0000000c push dword ptr fs:[00000000h] 0x00000013 or di, 6868h 0x00000018 mov dword ptr fs:[00000000h], esp 0x0000001f sbb di, AB90h 0x00000024 mov eax, dword ptr [ebp+122D09B1h] 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F6098E966B8h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov dword ptr [ebp+122D28ACh], eax 0x0000004a mov di, D523h 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push eax 0x00000053 call 00007F6098E966B8h 0x00000058 pop eax 0x00000059 mov dword ptr [esp+04h], eax 0x0000005d add dword ptr [esp+04h], 00000018h 0x00000065 inc eax 0x00000066 push eax 0x00000067 ret 0x00000068 pop eax 0x00000069 ret 0x0000006a call 00007F6098E966BEh 0x0000006f push edx 0x00000070 mov ebx, dword ptr [ebp+124737B6h] 0x00000076 pop ebx 0x00000077 pop ebx 0x00000078 push eax 0x00000079 push eax 0x0000007a push edx 0x0000007b push edi 0x0000007c push eax 0x0000007d push edx 0x0000007e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 266197 second address: 26619B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2643E2 second address: 2643E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2653A7 second address: 2653AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2643E6 second address: 2643EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2671F5 second address: 2671F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2671F9 second address: 2671FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 266308 second address: 266318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 266318 second address: 26631E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26631E second address: 266323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 266323 second address: 2663AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a xor ebx, 50F193C1h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 sub dword ptr [ebp+122D296Bh], ebx 0x0000001d mov edi, esi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F6098E966B8h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000017h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 mov dword ptr [ebp+1246F3D2h], esi 0x00000046 mov dword ptr [ebp+122D2890h], edi 0x0000004c mov eax, dword ptr [ebp+122D0C25h] 0x00000052 jnl 00007F6098E966C3h 0x00000058 jns 00007F6098E966B9h 0x0000005e push FFFFFFFFh 0x00000060 sub dword ptr [ebp+122D26DDh], ebx 0x00000066 nop 0x00000067 push esi 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2663AF second address: 2663B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 268234 second address: 26824C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6098E966C1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 267386 second address: 26738A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26738A second address: 2673C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F6098E966C9h 0x0000000e pushad 0x0000000f jmp 00007F6098E966C4h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26BAF0 second address: 26BAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26F792 second address: 26F797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2706E0 second address: 2706E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2706E4 second address: 270742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 add dword ptr [ebp+122D1B89h], edx 0x0000000f mov edi, dword ptr [ebp+122D38D7h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F6098E966B8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F6098E966B8h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 0000001Ah 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d xchg eax, esi 0x0000004e push edi 0x0000004f pushad 0x00000050 push edx 0x00000051 pop edx 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26DACD second address: 26DAD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26DAD3 second address: 26DAD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26DAD7 second address: 26DADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 26CB0C second address: 26CB16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F6098E966B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27269F second address: 2726B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007F6098E62B00h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2726B0 second address: 272731 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F6098E966B8h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 mov dword ptr [ebp+122D2300h], edi 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F6098E966B8h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 0000001Ch 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 call 00007F6098E966C2h 0x00000048 mov bx, di 0x0000004b pop edi 0x0000004c push 00000000h 0x0000004e push eax 0x0000004f push ecx 0x00000050 pushad 0x00000051 popad 0x00000052 pop ebx 0x00000053 pop ebx 0x00000054 mov dword ptr [ebp+122D289Ah], ecx 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 pop eax 0x00000061 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 272731 second address: 272745 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2718C1 second address: 2718C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2718C7 second address: 271968 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6098E62AFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push ecx 0x0000000c jmp 00007F6098E62B09h 0x00000011 pop ebx 0x00000012 jmp 00007F6098E62B00h 0x00000017 push dword ptr fs:[00000000h] 0x0000001e mov di, ax 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 mov ebx, dword ptr [ebp+122D3827h] 0x0000002e mov eax, dword ptr [ebp+122D0965h] 0x00000034 mov dword ptr [ebp+122D2710h], ecx 0x0000003a push FFFFFFFFh 0x0000003c push 00000000h 0x0000003e push edx 0x0000003f call 00007F6098E62AF8h 0x00000044 pop edx 0x00000045 mov dword ptr [esp+04h], edx 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc edx 0x00000052 push edx 0x00000053 ret 0x00000054 pop edx 0x00000055 ret 0x00000056 call 00007F6098E62B02h 0x0000005b mov edi, esi 0x0000005d pop ebx 0x0000005e nop 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 jbe 00007F6098E62AF6h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 271968 second address: 271971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 273766 second address: 27376A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 272967 second address: 272977 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27389F second address: 2738A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27A9EC second address: 27AA00 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jp 00007F6098E966CBh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27B464 second address: 27B46A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27E2AD second address: 27E2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F6098E966BEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27E2BA second address: 27E2C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27E2C0 second address: 27E2CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F6098E966B6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 27E5C0 second address: 27E5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 284D45 second address: 284D66 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d ja 00007F6098E966B6h 0x00000013 jmp 00007F6098E966BDh 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 284D66 second address: 284DA6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6098E62B0Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6098E62B07h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 284E0B second address: 284E1E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6098E966BAh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 288F77 second address: 288F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 288F7F second address: 288F91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F6098E966B6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 288F91 second address: 288F9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28922C second address: 289231 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 289231 second address: 289239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2893C3 second address: 2893C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28EFE1 second address: 28EFE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28EFE6 second address: 28EFEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28EFEC second address: 28EFF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28EFF0 second address: 28EFF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28DEC6 second address: 28DECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2538E8 second address: 2538EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2538EC second address: 23D691 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6098E62AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F6098E62AF8h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 jno 00007F6098E62AFEh 0x0000001a nop 0x0000001b mov edx, dword ptr [ebp+122D2799h] 0x00000021 call dword ptr [ebp+122D3517h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jbe 00007F6098E62AF8h 0x0000002f push ebx 0x00000030 pop ebx 0x00000031 jl 00007F6098E62AF8h 0x00000037 push eax 0x00000038 pop eax 0x00000039 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 253F2D second address: 253F7A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F6098E966B6h 0x0000000d jmp 00007F6098E966C8h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 jnp 00007F6098E966B8h 0x0000001c pushad 0x0000001d jmp 00007F6098E966C9h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 253F7A second address: 253F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 253F8C second address: 25402B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6098E966B8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f pushad 0x00000010 jng 00007F6098E966B6h 0x00000016 jmp 00007F6098E966C9h 0x0000001b popad 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 jmp 00007F6098E966BDh 0x00000026 pop eax 0x00000027 mov ecx, esi 0x00000029 jmp 00007F6098E966C0h 0x0000002e call 00007F6098E966B9h 0x00000033 jmp 00007F6098E966BCh 0x00000038 push eax 0x00000039 jmp 00007F6098E966BDh 0x0000003e mov eax, dword ptr [esp+04h] 0x00000042 jmp 00007F6098E966BBh 0x00000047 mov eax, dword ptr [eax] 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F6098E966C4h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25402B second address: 254059 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62AFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6098E62B04h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254059 second address: 25405D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254170 second address: 254174 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254174 second address: 25417D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 25417D second address: 254183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2548A9 second address: 2548DB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6098E966C1h 0x00000008 jmp 00007F6098E966BBh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [esp], eax 0x00000012 pushad 0x00000013 mov dword ptr [ebp+122D2455h], edx 0x00000019 mov edi, dword ptr [ebp+122D38F7h] 0x0000001f popad 0x00000020 push 0000001Eh 0x00000022 or dx, 3887h 0x00000027 push eax 0x00000028 pushad 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2548DB second address: 2548F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B04h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254A5C second address: 254A77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254A77 second address: 254A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254C07 second address: 254C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254C0B second address: 254C49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62AFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [eax] 0x0000000c jnp 00007F6098E62B0Fh 0x00000012 ja 00007F6098E62B09h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push esi 0x0000001d push eax 0x0000001e push edx 0x0000001f push esi 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 254CDC second address: 254CE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28E2D9 second address: 28E2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62AFAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28E2E7 second address: 28E317 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6098E966C1h 0x0000000b pushad 0x0000000c jmp 00007F6098E966BDh 0x00000011 jnc 00007F6098E966B8h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28E456 second address: 28E45B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28E84D second address: 28E864 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F6098E966C1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28EB89 second address: 28EB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 28EB8F second address: 28EB9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F6098E966B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 292545 second address: 292549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 292549 second address: 292580 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F6098E966C2h 0x0000000c pop eax 0x0000000d je 00007F6098E966D2h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 ja 00007F6098E966B6h 0x0000001c jnl 00007F6098E966B6h 0x00000022 popad 0x00000023 jc 00007F6098E966BCh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297CD5 second address: 297CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297CE1 second address: 297D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6098E966B6h 0x0000000a popad 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007F6098E966C6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297D07 second address: 297D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62AFBh 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297D1A second address: 297D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007F6098E966BDh 0x00000012 push edi 0x00000013 pop edi 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 push ebx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a push edx 0x0000001b pop edx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296BA7 second address: 296BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296BB3 second address: 296BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296BB8 second address: 296BC3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007F6098E62AF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296D1B second address: 296D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296D21 second address: 296D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296D26 second address: 296D52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F6098E966C9h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F6098E966C1h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 296D52 second address: 296D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F6098E62AF6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297056 second address: 297070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F6098E966C3h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297070 second address: 297080 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6098E62AF6h 0x00000008 jng 00007F6098E62AF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297215 second address: 297227 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297227 second address: 29722B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29722B second address: 297236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297236 second address: 29723C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2974C2 second address: 2974DB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F6098E966BCh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2974DB second address: 2974E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2974E1 second address: 2974F1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F6098E966B6h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2974F1 second address: 2974F7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297A3E second address: 297A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 297A43 second address: 297A48 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29E5C3 second address: 29E5C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29D23D second address: 29D243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29D243 second address: 29D247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29D391 second address: 29D3DB instructions: 0x00000000 rdtsc 0x00000002 js 00007F6098E62AF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jl 00007F6098E62AF6h 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a push edi 0x0000001b pushad 0x0000001c popad 0x0000001d pop edi 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 je 00007F6098E62B11h 0x00000027 push eax 0x00000028 push edx 0x00000029 jne 00007F6098E62AF6h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29D3DB second address: 29D3E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29D3E3 second address: 29D3E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29D527 second address: 29D533 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F6098E966B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29DD18 second address: 29DD40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F6098E62AFDh 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6098E62B04h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29DD40 second address: 29DD46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 29DD46 second address: 29DD4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2A3C88 second address: 2A3C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2A6D8D second address: 2A6D98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2A6D98 second address: 2A6DB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push ecx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2A6630 second address: 2A663F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007F6098E62AF6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2A663F second address: 2A6676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F6098E966C2h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6098E966C6h 0x00000013 jnc 00007F6098E966B6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2A68F9 second address: 2A6928 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B06h 0x00000007 jmp 00007F6098E62AFDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F6098E62AF6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AAF42 second address: 2AAF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AAF4D second address: 2AAF51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AAF51 second address: 2AAF5F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AAF5F second address: 2AAF96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B02h 0x00000007 jmp 00007F6098E62AFFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6098E62AFFh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AAF96 second address: 2AAFA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F6098E966B6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB234 second address: 2AB244 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62AFCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB244 second address: 2AB281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6098E966C4h 0x0000000b push edi 0x0000000c jmp 00007F6098E966C2h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a jc 00007F6098E966B6h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB41D second address: 2AB429 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F6098E62AF6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB429 second address: 2AB439 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB58D second address: 2AB592 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB592 second address: 2AB5B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jc 00007F6098E966B6h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f jnl 00007F6098E966BAh 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c jl 00007F6098E966B6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB5B8 second address: 2AB5BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AB5BC second address: 2AB5C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2AE67C second address: 2AE698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62AFDh 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jns 00007F6098E62AF6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B467D second address: 2B468B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F6098E966BCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B468B second address: 2B46C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F6098E62B02h 0x0000000d jmp 00007F6098E62AFCh 0x00000012 pushad 0x00000013 jng 00007F6098E62AF6h 0x00000019 pushad 0x0000001a popad 0x0000001b jmp 00007F6098E62B00h 0x00000020 pushad 0x00000021 popad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B46C0 second address: 2B46CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F6098E966B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B46CB second address: 2B46D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B31C3 second address: 2B31D0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B31D0 second address: 2B31D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B32FD second address: 2B3308 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B3624 second address: 2B3631 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2546D8 second address: 2546DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2546DC second address: 2546E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B38EB second address: 2B38F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B38F1 second address: 2B3913 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B05h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F6098E62AF6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2B3913 second address: 2B393E instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6098E966B6h 0x00000008 jl 00007F6098E966B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F6098E966C9h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2BACDA second address: 2BACF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E62B09h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2BACF7 second address: 2BAD20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6098E966BBh 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2BAD20 second address: 2BAD2A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6098E62AF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2BAFDD second address: 2BAFE7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E966BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2BC6A4 second address: 2BC6AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C202A second address: 2C2030 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2094B5 second address: 2094BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C5FC2 second address: 2C5FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C5FC8 second address: 2C5FE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62AFBh 0x00000007 jo 00007F6098E62AF6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C5FE1 second address: 2C5FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C5311 second address: 2C531E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push esi 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C579B second address: 2C57B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop ecx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C57B8 second address: 2C57BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2C5968 second address: 2C5972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDACC second address: 2CDAE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F6098E62AFAh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDAE8 second address: 2CDAEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDAEC second address: 2CDB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F6098E62AFFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDF59 second address: 2CDF5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDF5D second address: 2CDF7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6098E62B09h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDF7C second address: 2CDFA3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F6098E966C9h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d js 00007F6098E966B6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDFA3 second address: 2CDFC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B06h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CDFC4 second address: 2CDFC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CE10E second address: 2CE114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CE3FC second address: 2CE42A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F6098E966BCh 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F6098E966C9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CE42A second address: 2CE431 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CE6C7 second address: 2CE6CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF0D9 second address: 2CF0DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF0DE second address: 2CF103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F6098E966BEh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF103 second address: 2CF107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF107 second address: 2CF111 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F6098E966B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF111 second address: 2CF137 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6098E62B11h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF137 second address: 2CF13D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF13D second address: 2CF143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2CF818 second address: 2CF83F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F6098E966BEh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2D2EE0 second address: 2D2EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2D6E65 second address: 2D6E74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E3851 second address: 2E3859 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E3859 second address: 2E3863 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E58DA second address: 2E58DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E58DE second address: 2E5911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F6098E966C8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F6098E966C5h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E5911 second address: 2E592D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F6098E62B03h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E592D second address: 2E594C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a jmp 00007F6098E966C3h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E594C second address: 2E5951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E5951 second address: 2E5957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E5957 second address: 2E595B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E556E second address: 2E5597 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BBh 0x00000007 jmp 00007F6098E966BAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 jne 00007F6098E966B6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E5597 second address: 2E559B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E559B second address: 2E55B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E966C8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E55B9 second address: 2E55BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E6E63 second address: 2E6E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2E6E69 second address: 2E6E99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jns 00007F6098E62B0Bh 0x0000000d jmp 00007F6098E62AFBh 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2F7241 second address: 2F724B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F6098E966B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2F70BA second address: 2F70D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B09h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2F70D7 second address: 2F7105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F6098E966B8h 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 jmp 00007F6098E966BDh 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FE7FD second address: 2FE81C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jo 00007F6098E62AF6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FE81C second address: 2FE821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD24C second address: 2FD250 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD4FD second address: 2FD501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD501 second address: 2FD50D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD50D second address: 2FD530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6098E966BAh 0x00000009 jmp 00007F6098E966C5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD7BC second address: 2FD7C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD7C0 second address: 2FD7D3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 jp 00007F6098E966B8h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD7D3 second address: 2FD7D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD7D9 second address: 2FD7DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 2FD8F8 second address: 2FD909 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62AFDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 300E4C second address: 300E58 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 300E58 second address: 300E5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 300E5C second address: 300E6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6098E966B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 300CDA second address: 300CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 300CE0 second address: 300D02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 jno 00007F6098E966B6h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6098E966C1h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 300D02 second address: 300D08 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 303509 second address: 303531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F6098E966D1h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 303531 second address: 30353D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6098E62AF6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 303674 second address: 303679 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 303679 second address: 303688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F6098E62AF6h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 312099 second address: 3120A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 30DAB1 second address: 30DAC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 jng 00007F6098E62AF6h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 31FFBD second address: 31FFC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 31FFC3 second address: 31FFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jnc 00007F6098E62AF6h 0x0000000c jl 00007F6098E62AF6h 0x00000012 pop edx 0x00000013 popad 0x00000014 jns 00007F6098E62B08h 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f push edi 0x00000020 pop edi 0x00000021 popad 0x00000022 push ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 320133 second address: 320139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 320139 second address: 32013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 32013F second address: 320143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 320143 second address: 320161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6098E62B05h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 320161 second address: 32016B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 333C83 second address: 333C88 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 333F76 second address: 333F9C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6098E966C2h 0x00000008 jmp 00007F6098E966BCh 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 jmp 00007F6098E966BEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 333F9C second address: 333FCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E62B00h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007F6098E62B02h 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 333FCC second address: 333FEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6098E966C2h 0x00000007 jmp 00007F6098E966BAh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 334166 second address: 33416C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 33472A second address: 334736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push esi 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 334B8C second address: 334BA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F6098E62AF6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F6098E62AF6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 334BA0 second address: 334BA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 3364A4 second address: 3364AA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 33A890 second address: 33A894 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe RDTSC instruction interceptor: First address: 33C736 second address: 33C73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: A799D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: A7A75 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 249AD8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 2485B8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 248CB1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 24827B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 27B4AB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 253A0C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Special instruction interceptor: First address: 2D852C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000A80EC rdtsc 0_2_000A80EC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe TID: 5068 Thread sleep time: -120000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe TID: 5696 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: xxLuwS60RS.exe, xxLuwS60RS.exe, 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176514160.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176738875.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: xxLuwS60RS.exe, 00000000.00000003.2166446971.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000003.2175671341.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, xxLuwS60RS.exe, 00000000.00000002.2176738875.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: xxLuwS60RS.exe, 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\xxLuwS60RS.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging

barindex
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Thread information set: HideFromDebugger Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\xxLuwS60RS.exe File opened: NTICE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe File opened: SICE
Source: C:\Users\user\Desktop\xxLuwS60RS.exe File opened: SIWVID
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_000A80EC rdtsc 0_2_000A80EC
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Code function: 0_2_0008C1F0 LdrInitializeThunk, 0_2_0008C1F0

HIPS / PFW / Operating System Protection Evasion

barindex
Source: xxLuwS60RS.exe String found in binary or memory: rapeflowwj.lat
Source: xxLuwS60RS.exe String found in binary or memory: crosshuaht.lat
Source: xxLuwS60RS.exe String found in binary or memory: sustainskelet.lat
Source: xxLuwS60RS.exe String found in binary or memory: aspecteirs.lat
Source: xxLuwS60RS.exe String found in binary or memory: energyaffai.lat
Source: xxLuwS60RS.exe String found in binary or memory: necklacebudi.lat
Source: xxLuwS60RS.exe String found in binary or memory: discokeyus.lat
Source: xxLuwS60RS.exe String found in binary or memory: grannyejh.lat
Source: xxLuwS60RS.exe String found in binary or memory: sweepyribs.lat
Source: xxLuwS60RS.exe, xxLuwS60RS.exe, 00000000.00000002.2175942192.000000000022B000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\xxLuwS60RS.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

barindex
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

barindex
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs