Windows Analysis Report
44EPDJT1V8.exe

Overview

General Information

Sample name: 44EPDJT1V8.exe (renamed because original name is a hash value)
Original sample name: a3571453e79576dfa561f638ea11aa54.exe
Analysis ID: 1579766
MD5: a3571453e79576dfa561f638ea11aa54
SHA1: 9f6a92b26efda469c87c3ca11137af3f4d676727
SHA256: 106088a34ac513804b7c2a73ef9462863f0870d6ccfecee611e43d8258d959d1
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: 44EPDJT1V8.exe Avira: detected
Source: 44EPDJT1V8.exe.3416.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["rapeflowwj.lat", "discokeyus.lat", "sweepyribs.lat", "necklacebudi.lat", "crosshuaht.lat", "sustainskelet.lat", "grannyejh.lat", "aspecteirs.lat", "energyaffai.lat"], "Build id": "YCy--"}
Source: 44EPDJT1V8.exe Virustotal: Detection: 58% Perma Link
Source: 44EPDJT1V8.exe ReversingLabs: Detection: 60%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: 44EPDJT1V8.exe Joe Sandbox ML: detected
Source: 00000000.00000003.2138512004.0000000005190000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2138512004.0000000005190000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2138512004.0000000005190000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2138512004.0000000005190000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2138512004.0000000005190000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000000.00000003.2138512004.0000000005190000.00000004.00001000.00020000.00000000.sdmp String decryptor: LOGS11--LiveTraffic
Source: 44EPDJT1V8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49707 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:50941 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.6:52509 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.6:55723 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.6:57415 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.6:63357 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.6:50897 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.6:51992 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.6:56335 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:55876 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49707 -> 104.102.49.254:443
Source: Joe Sandbox View IP Address: 104.102.49.254
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 104.102.49.254:443
Source: global traffic HTTP traffic detected:
  GET /profiles/76561199724331900 HTTP/1.1
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Host: steamcommunity.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000134D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000002.2183677507.0000000001346000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178644135.0000000001366000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000002.2183776055.0000000001366000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000134D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: 44EPDJT1V8.exe, 00000000.00000002.2183677507.0000000001346000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000002.2183677507.0000000001337000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000134D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178567431.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000134D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000139D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49707 version: TLS 1.2

System Summary

Source: 44EPDJT1V8.exe Static PE information: section name:
Source: 44EPDJT1V8.exe Static PE information: section name: .rsrc
Source: 44EPDJT1V8.exe Static PE information: section name: .idata
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C5475C 0_2_00C5475C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B3272E 0_2_00B3272E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BB0717 0_2_00BB0717
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B1071C 0_2_00B1071C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AA6710 0_2_00AA6710
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BEA76F 0_2_00BEA76F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B30766 0_2_00B30766
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF0764 0_2_00BF0764
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C4E719 0_2_00C4E719
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B90754 0_2_00B90754
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BA4741 0_2_00BA4741
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B3E8B2 0_2_00B3E8B2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B128B2 0_2_00B128B2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE08B4 0_2_00BE08B4
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B068BC 0_2_00B068BC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B3C8A5 0_2_00B3C8A5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AAC8B6 0_2_00AAC8B6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C4A8E6 0_2_00C4A8E6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B9E8E3 0_2_00B9E8E3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AC88CB 0_2_00AC88CB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0E8DF 0_2_00B0E8DF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B408C7 0_2_00B408C7
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC28C9 0_2_00BC28C9
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C388BE 0_2_00C388BE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C00840 0_2_00C00840
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AB682D 0_2_00AB682D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B2A825 0_2_00B2A825
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B9881C 0_2_00B9881C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0C816 0_2_00B0C816
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B1881A 0_2_00B1881A
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B1C809 0_2_00B1C809
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AD8810 0_2_00AD8810
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C2E87C 0_2_00C2E87C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF487D 0_2_00BF487D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B2886F 0_2_00B2886F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE2855 0_2_00BE2855
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B84854 0_2_00B84854
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B76859 0_2_00B76859
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BDA852 0_2_00BDA852
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C44834 0_2_00C44834
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B8284C 0_2_00B8284C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BB0846 0_2_00BB0846
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C549CC 0_2_00C549CC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C1E9D0 0_2_00C1E9D0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B089A2 0_2_00B089A2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B749AD 0_2_00B749AD
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B78997 0_2_00B78997
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C149E5 0_2_00C149E5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BDC997 0_2_00BDC997
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B049F3 0_2_00B049F3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE69F3 0_2_00BE69F3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B869F6 0_2_00B869F6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C0698E 0_2_00C0698E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BEC9DF 0_2_00BEC9DF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B9A9DC 0_2_00B9A9DC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF29D4 0_2_00BF29D4
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BFA9D3 0_2_00BFA9D3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B14930 0_2_00B14930
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC093D 0_2_00BC093D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B02936 0_2_00B02936
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B72923 0_2_00B72923
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AC0939 0_2_00AC0939
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B3692E 0_2_00B3692E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C16960 0_2_00C16960
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B52907 0_2_00B52907
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC890F 0_2_00BC890F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C2C976 0_2_00C2C976
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C56978 0_2_00C56978
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B32971 0_2_00B32971
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B6C972 0_2_00B6C972
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE8978 0_2_00BE8978
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C1490F 0_2_00C1490F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BD4969 0_2_00BD4969
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BDE95C 0_2_00BDE95C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BCE950 0_2_00BCE950
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AD0940 0_2_00AD0940
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC6ABE 0_2_00BC6ABE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C40AC3 0_2_00C40AC3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C08AD3 0_2_00C08AD3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B5EAA1 0_2_00B5EAA1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C20ADB 0_2_00C20ADB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C52AE1 0_2_00C52AE1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BFEAFB 0_2_00BFEAFB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B92AFF 0_2_00B92AFF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B8AAE5 0_2_00B8AAE5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B74AD3 0_2_00B74AD3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ACCAD0 0_2_00ACCAD0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0AA3A 0_2_00B0AA3A
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C32A48 0_2_00C32A48
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BD8A26 0_2_00BD8A26
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C34A5D 0_2_00C34A5D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B4AA1E 0_2_00B4AA1E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B54A1F 0_2_00B54A1F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C22A75 0_2_00C22A75
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AAEA10 0_2_00AAEA10
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B9EA79 0_2_00B9EA79
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B64A70 0_2_00B64A70
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B7EA7F 0_2_00B7EA7F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C28A10 0_2_00C28A10
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B6EA57 0_2_00B6EA57
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C2AA21 0_2_00C2AA21
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ACCA49 0_2_00ACCA49
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BB8A52 0_2_00BB8A52
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C58A28 0_2_00C58A28
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B56A4D 0_2_00B56A4D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C12A3A 0_2_00C12A3A
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B90BB4 0_2_00B90BB4
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B28BBC 0_2_00B28BBC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B26BA1 0_2_00B26BA1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BACBAF 0_2_00BACBAF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C36BD9 0_2_00C36BD9
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B6ABA8 0_2_00B6ABA8
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BBEB8B 0_2_00BBEB8B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B00B83 0_2_00B00B83
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B50B83 0_2_00B50B83
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C4CBFD 0_2_00C4CBFD
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B46B8F 0_2_00B46B8F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B6EBF0 0_2_00B6EBF0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B20BFB 0_2_00B20BFB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE8BE7 0_2_00BE8BE7
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF0BE2 0_2_00BF0BE2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B70BC6 0_2_00B70BC6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C32BBA 0_2_00C32BBA
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BAABC5 0_2_00BAABC5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ACCB22 0_2_00ACCB22
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC8B2B 0_2_00BC8B2B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AD6B08 0_2_00AD6B08
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C0AB69 0_2_00C0AB69
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C60B72 0_2_00C60B72
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C46B70 0_2_00C46B70
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C54B71 0_2_00C54B71
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ACCB11 0_2_00ACCB11
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C48B06 0_2_00C48B06
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B1EB69 0_2_00B1EB69
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B8EB5B 0_2_00B8EB5B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B30B57 0_2_00B30B57
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B7CB50 0_2_00B7CB50
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ABCB40 0_2_00ABCB40
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B44B4F 0_2_00B44B4F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AC6B50 0_2_00AC6B50
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC4B40 0_2_00BC4B40
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ADECA0 0_2_00ADECA0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B18CBE 0_2_00B18CBE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B44CA5 0_2_00B44CA5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BDACAB 0_2_00BDACAB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B2ACAB 0_2_00B2ACAB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF2CA5 0_2_00BF2CA5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BCCCA7 0_2_00BCCCA7
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF8C85 0_2_00BF8C85
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ACAC90 0_2_00ACAC90
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B82CDD 0_2_00B82CDD
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0CCDC 0_2_00B0CCDC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BD0CC8 0_2_00BD0CC8
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B96C34 0_2_00B96C34
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C38C5F 0_2_00C38C5F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B38C2D 0_2_00B38C2D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B6CC15 0_2_00B6CC15
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF4C1C 0_2_00BF4C1C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE0C16 0_2_00BE0C16
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC2C0E 0_2_00BC2C0E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BB0C06 0_2_00BB0C06
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B1CC70 0_2_00B1CC70
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BBAC79 0_2_00BBAC79
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B5AC72 0_2_00B5AC72
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AA4C60 0_2_00AA4C60
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0EC7C 0_2_00B0EC7C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C42C14 0_2_00C42C14
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B66C52 0_2_00B66C52
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C10C2B 0_2_00C10C2B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B5CC45 0_2_00B5CC45
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B58C46 0_2_00B58C46
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C2CDCE 0_2_00C2CDCE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C56DDE 0_2_00C56DDE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE2DA0 0_2_00BE2DA0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C58DDA 0_2_00C58DDA
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BDCD96 0_2_00BDCD96
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B7CDF5 0_2_00B7CDF5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B14DF7 0_2_00B14DF7
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C06DB6 0_2_00C06DB6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C0EDB8 0_2_00C0EDB8
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B7EDCE 0_2_00B7EDCE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF6DC3 0_2_00BF6DC3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C12DBC 0_2_00C12DBC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C28D4B 0_2_00C28D4B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C1CD62 0_2_00C1CD62
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B32D03 0_2_00B32D03
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B86D78 0_2_00B86D78
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C04D03 0_2_00C04D03
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B72D7C 0_2_00B72D7C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B78D6C 0_2_00B78D6C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BFED5A 0_2_00BFED5A
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AACD46 0_2_00AACD46
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BD4D52 0_2_00BD4D52
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C44D3D 0_2_00C44D3D
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B36D4E 0_2_00B36D4E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B88EBB 0_2_00B88EBB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BCAEAE 0_2_00BCAEAE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C32EDE 0_2_00C32EDE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0AE93 0_2_00B0AE93
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C0AEFB 0_2_00C0AEFB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B40EF2 0_2_00B40EF2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BE4EF1 0_2_00BE4EF1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B04EE2 0_2_00B04EE2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B4CEEF 0_2_00B4CEEF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B56ED6 0_2_00B56ED6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ADAEC0 0_2_00ADAEC0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C42EBD 0_2_00C42EBD
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B08E30 0_2_00B08E30
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B9EE32 0_2_00B9EE32
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C02E5E 0_2_00C02E5E
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BD6E1B 0_2_00BD6E1B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B16E1B 0_2_00B16E1B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C16E01 0_2_00C16E01
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC4E7F 0_2_00BC4E7F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C1EE04 0_2_00C1EE04
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AD6E74 0_2_00AD6E74
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B64E52 0_2_00B64E52
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C4EE21 0_2_00C4EE21
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B06E58 0_2_00B06E58
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B9AE54 0_2_00B9AE54
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BCCE4B 0_2_00BCCE4B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BFEFB8 0_2_00BFEFB8
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B52FA2 0_2_00B52FA2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B8AFA1 0_2_00B8AFA1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B94FA2 0_2_00B94FA2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ADEFB0 0_2_00ADEFB0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B3EF8F 0_2_00B3EF8F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C20F8C 0_2_00C20F8C
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B2AFE0 0_2_00B2AFE0
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BBAFEF 0_2_00BBAFEF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B64FE8 0_2_00B64FE8
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BAAFE4 0_2_00BAAFE4
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BAEFE5 0_2_00BAEFE5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C46FA1 0_2_00C46FA1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BB0FD6 0_2_00BB0FD6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C30FAC 0_2_00C30FAC
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B90FCF 0_2_00B90FCF
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BB2FC3 0_2_00BB2FC3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C58F6F 0_2_00C58F6F
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC2F10 0_2_00BC2F10
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B4AF00 0_2_00B4AF00
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C52F72 0_2_00C52F72
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C3EF08 0_2_00C3EF08
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B20F61 0_2_00B20F61
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ACCF74 0_2_00ACCF74
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B84F5B 0_2_00B84F5B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BC6F59 0_2_00BC6F59
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AD8F59 0_2_00AD8F59
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C2EF3B 0_2_00C2EF3B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AA2F50 0_2_00AA2F50
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AC0F50 0_2_00AC0F50
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00C6D0C6 0_2_00C6D0C6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF50B5 0_2_00BF50B5
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AF70A2 0_2_00AF70A2
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BF70AB 0_2_00BF70AB
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B0D0A6 0_2_00B0D0A6
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B2D0A9 0_2_00B2D0A9
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B870A3 0_2_00B870A3
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B31091 0_2_00B31091
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00BAD099 0_2_00BAD099
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00B6F092 0_2_00B6F092
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: String function: 00AA8030 appears 42 times
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: String function: 00AB4400 appears 62 times
Source: 44EPDJT1V8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 44EPDJT1V8.exe Static PE information: Section: ZLIB complexity 0.997418129280822
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/1
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AD0C70 CoCreateInstance, 0_2_00AD0C70
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 44EPDJT1V8.exe Virustotal: Detection: 58%
Source: 44EPDJT1V8.exe ReversingLabs: Detection: 60%
Source: C:\Users\user\Desktop\44EPDJT1V8.exe File read: C:\Users\user\Desktop\44EPDJT1V8.exe
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Section loaded: dpapi.dll
Source: 44EPDJT1V8.exe Static file information: File size 2947584 > 1048576
Source: 44EPDJT1V8.exe Static PE information: Raw size of dtapodtg is bigger than: 0x100000 < 0x2a7a00

Data Obfuscation

Source: C:\Users\user\Desktop\44EPDJT1V8.exe Unpacked PE file: 0.2.44EPDJT1V8.exe.aa0000.0.unpack :EW;.rsrc :W;.idata :W;dtapodtg:EW;gwdoasti:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;dtapodtg:EW;gwdoasti:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: 44EPDJT1V8.exe Static PE information: real checksum: 0x2ddc11 should be: 0x2d21a5
Source: 44EPDJT1V8.exe Static PE information: section name:
Source: 44EPDJT1V8.exe Static PE information: section name: .rsrc
Source: 44EPDJT1V8.exe Static PE information: section name: .idata
Source: 44EPDJT1V8.exe Static PE information: section name: dtapodtg
Source: 44EPDJT1V8.exe Static PE information: section name: gwdoasti
Source: 44EPDJT1V8.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AF8507 push eax; mov dword ptr [esp], 18EFB058h 0_2_00AF8508
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AF8507 push edx; mov dword ptr [esp], eax 0_2_00AF90A8
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AF8507 push ebx; mov dword ptr [esp], eax 0_2_00AF90CB
Source: 44EPDJT1V8.exe Static PE information: section name: entropy: 7.9821276687644165

Boot Survival

Source: C:\Users\user\Desktop\44EPDJT1V8.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Window searched: window name: Regmonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\44EPDJT1V8.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\44EPDJT1V8.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CA8EF6 second address: CA8EFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CA95FD second address: CA9602 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CA9720 second address: CA972A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CA9B6C second address: CA9BB3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 js 00007EFC25159BF6h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 jne 00007EFC25159BF8h 0x00000019 push edx 0x0000001a jmp 00007EFC25159C08h 0x0000001f pop edx 0x00000020 popad 0x00000021 nop 0x00000022 and si, 45A3h 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a ja 00007EFC25159BF8h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAA0B2 second address: CAA0B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAA0B6 second address: CAA0D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC25159C09h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAA0D3 second address: CAA0D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAA0D9 second address: CAA0DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAA0DD second address: CAA0EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAA0EB second address: CAA0EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAABF second address: CAAAC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAAC5 second address: CAAAD7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007EFC25159BFEh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAAD7 second address: CAAAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 nop 0x00000006 movzx edi, cx 0x00000009 push 00000000h 0x0000000b sub dword ptr [ebp+122D396Ah], esi 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 or dword ptr [ebp+122D2964h], esi 0x0000001a pop esi 0x0000001b xchg eax, ebx 0x0000001c pushad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAAF7 second address: CAAAFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAAFD second address: CAAB0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007EFC2515BA36h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAB0A second address: CAAB0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAB0E second address: CAAB1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAAB1C second address: CAAB26 instructions: 0x00000000 rdtsc 0x00000002 jg 00007EFC25159BFCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CABB30 second address: CABB3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CABB3B second address: CABBAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jc 00007EFC25159C01h 0x0000000d jmp 00007EFC25159BFBh 0x00000012 nop 0x00000013 jmp 00007EFC25159C03h 0x00000018 push 00000000h 0x0000001a mov dword ptr [ebp+122D23F9h], edx 0x00000020 pushad 0x00000021 mov dx, 3861h 0x00000025 popad 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007EFC25159BF8h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 00000018h 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 and edi, dword ptr [ebp+122D35BAh] 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007EFC25159BFBh 0x00000050 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAD287 second address: CAD28B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CAD28B second address: CAD2A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC25159C07h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CACFA6 second address: CACFAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CACFAA second address: CACFB3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB349A second address: CB34A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB4636 second address: CB463B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB463B second address: CB46CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC2515BA44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jp 00007EFC2515BA40h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007EFC2515BA38h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007EFC2515BA38h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000016h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a jc 00007EFC2515BA4Ah 0x00000050 jmp 00007EFC2515BA44h 0x00000055 xchg eax, esi 0x00000056 push eax 0x00000057 push edx 0x00000058 jl 00007EFC2515BA38h 0x0000005e push esi 0x0000005f pop esi 0x00000060 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB675A second address: CB675E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB591B second address: CB5920 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB68FC second address: CB6906 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFC25159BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB87BD second address: CB87CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC2515BA3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB87CE second address: CB8829 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007EFC25159BFCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d or dword ptr [ebp+122D396Ah], ecx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007EFC25159BF8h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f push 00000000h 0x00000031 xchg eax, esi 0x00000032 jne 00007EFC25159C00h 0x00000038 push eax 0x00000039 jo 00007EFC25159C0Ah 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 pop eax 0x00000043 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CB9B5C second address: CB9B62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBAC20 second address: CBAC33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFC25159BFEh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBDEC8 second address: CBDECE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC0F71 second address: CC0F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBEF3F second address: CBEF43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBE076 second address: CBE0F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007EFC25159BF8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 jno 00007EFC25159BFCh 0x0000002b push dword ptr fs:[00000000h] 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007EFC25159BF8h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c mov bx, si 0x0000004f mov dword ptr fs:[00000000h], esp 0x00000056 mov bx, dx 0x00000059 mov dword ptr [ebp+12453DD2h], esi 0x0000005f mov eax, dword ptr [ebp+122D0925h] 0x00000065 mov edi, eax 0x00000067 push FFFFFFFFh 0x00000069 mov bx, 828Ah 0x0000006d nop 0x0000006e push eax 0x0000006f push edx 0x00000070 push esi 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBD1AB second address: CBD1AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBEF43 second address: CBEF51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBE0F3 second address: CBE0F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBD1AF second address: CBD1B5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBEF51 second address: CBEF55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBE0F8 second address: CBE0FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBD1B5 second address: CBD1C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFC2515BA3Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBEF55 second address: CBEF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBD1C8 second address: CBD1ED instructions: 0x00000000 rdtsc 0x00000002 ja 00007EFC2515BA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007EFC2515BA46h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBEF5B second address: CBEF61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBEF61 second address: CBEF65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1EE3 second address: CC1EE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1EE7 second address: CC1EEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1EEB second address: CC1EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBF033 second address: CBF037 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1EF1 second address: CC1EF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBF037 second address: CBF049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jnp 00007EFC2515BA48h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1EF7 second address: CC1EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBF049 second address: CBF04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1EFB second address: CC1F0C instructions: 0x00000000 rdtsc 0x00000002 jng 00007EFC25159BF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CBF04D second address: CBF051 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC1F0C second address: CC1F12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC2EC2 second address: CC2F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 jns 00007EFC2515BA3Bh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007EFC2515BA38h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Ch 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b mov dword ptr [ebp+124750A8h], ebx 0x00000031 push 00000000h 0x00000033 mov ebx, edi 0x00000035 xchg eax, esi 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 pushad 0x0000003a popad 0x0000003b jmp 00007EFC2515BA3Eh 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC2050 second address: CC2066 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC25159BFEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC2F1B second address: CC2F40 instructions: 0x00000000 rdtsc 0x00000002 js 00007EFC2515BA38h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007EFC2515BA45h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC2066 second address: CC206A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC210E second address: CC2114 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC2114 second address: CC2118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC3050 second address: CC305F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007EFC2515BA36h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC5EBA second address: CC5EC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jc 00007EFC25159BF6h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC3FB3 second address: CC3FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC4066 second address: CC4082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFC25159C08h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CC4082 second address: CC4095 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007EFC2515BA36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CCD69E second address: CCD6BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007EFC25159C07h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CCD0A1 second address: CCD0A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CCD0A7 second address: CCD0C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFC25159C09h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C657A5 second address: C657A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C657A9 second address: C657AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EB36 second address: C5EB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007EFC2515BA45h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EB54 second address: C5EB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EB58 second address: C5EB5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EB5E second address: C5EB64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EB64 second address: C5EB6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007EFC2515BA36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EB6E second address: C5EBE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC25159C02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007EFC25159C09h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007EFC25159C03h 0x00000019 jmp 00007EFC25159BFFh 0x0000001e popad 0x0000001f push esi 0x00000020 jmp 00007EFC25159BFEh 0x00000025 ja 00007EFC25159BF6h 0x0000002b pop esi 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: C5EBE0 second address: C5EBE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CD7AEA second address: CD7B2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC25159C02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007EFC25159BFCh 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 jnl 00007EFC25159BF6h 0x00000017 jmp 00007EFC25159C04h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CD7B2B second address: CD7B50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007EFC2515BA3Fh 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007EFC2515BA3Ah 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CD8129 second address: CD812F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CD812F second address: CD8141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFC2515BA3Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CD82B8 second address: CD82BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: CD843B second address: CD8440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D160C5 second address: D160D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC25159BFFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D1D474 second address: D1D479 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D1E046 second address: D1E05C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jc 00007EFC25159BFEh 0x0000000b push edx 0x0000000c pop edx 0x0000000d jg 00007EFC25159BF6h 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D1E229 second address: D1E232 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D1E97B second address: D1E97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D1E97F second address: D1E98B instructions: 0x00000000 rdtsc 0x00000002 jne 00007EFC2515BA36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D2552C second address: D25532 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D25532 second address: D25536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D25809 second address: D25850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jmp 00007EFC25159C08h 0x0000000e jmp 00007EFC25159BFEh 0x00000013 pop eax 0x00000014 jno 00007EFC25159C07h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D33EC6 second address: D33ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D33ECA second address: D33ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D33ECE second address: D33ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D33ED8 second address: D33EE2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007EFC25159BF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D33EE2 second address: D33F1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007EFC2515BA38h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007EFC2515BA48h 0x00000015 jmp 00007EFC2515BA42h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D379BF second address: D379D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFC25159C04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D379D7 second address: D37A00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007EFC2515BA40h 0x00000009 jmp 00007EFC2515BA45h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D46274 second address: D46278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D46278 second address: D46282 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007EFC2515BA36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D487CD second address: D487D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D487D3 second address: D487D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4F3EC second address: D4F404 instructions: 0x00000000 rdtsc 0x00000002 jp 00007EFC25159BF6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4F99C second address: D4F9A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4F9A5 second address: D4F9AD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4F9AD second address: D4F9C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007EFC2515BA3Fh 0x00000007 jg 00007EFC2515BA3Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4F9C6 second address: D4FA03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007EFC25159C00h 0x0000000f jnc 00007EFC25159BF6h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a jmp 00007EFC25159C08h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4FA03 second address: D4FA1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007EFC2515BA3Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D4FA1C second address: D4FA20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D5083E second address: D50844 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D50844 second address: D5084A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D5084A second address: D5084E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D5084E second address: D50852 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D543F2 second address: D543F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D543F6 second address: D543FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D53FDC second address: D53FF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007EFC2515BA3Bh 0x0000000b jp 00007EFC2515BA36h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D54162 second address: D54166 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D61E82 second address: D61E8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007EFC2515BA36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D70A0D second address: D70A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D70846 second address: D7085C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007EFC2515BA41h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D73E5A second address: D73E5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D765B2 second address: D765B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D765B6 second address: D765BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D765BC second address: D765CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D765CE second address: D765D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8B152 second address: D8B158 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8B158 second address: D8B18B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007EFC25159C09h 0x0000000b jmp 00007EFC25159C01h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8B18B second address: D8B1B2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007EFC2515BA51h 0x00000008 jmp 00007EFC2515BA49h 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D89F0D second address: D89F1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007EFC25159BF6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D89F1F second address: D89F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D89F27 second address: D89F6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007EFC25159C13h 0x0000000b jmp 00007EFC25159C07h 0x00000010 ja 00007EFC25159BF6h 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a pop eax 0x0000001b jmp 00007EFC25159C05h 0x00000020 popad 0x00000021 pushad 0x00000022 push eax 0x00000023 pop eax 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8A0ED second address: D8A10B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007EFC2515BA41h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8A3DE second address: D8A42D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007EFC25159C08h 0x00000009 popad 0x0000000a jng 00007EFC25159BFAh 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007EFC25159C07h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007EFC25159BFEh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8AB21 second address: D8AB34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007EFC2515BA3Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe RDTSC instruction interceptor: First address: D8DFE9 second address: D8DFEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Special instruction interceptor: First address: AF7AAE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Special instruction interceptor: First address: AF7B19 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Special instruction interceptor: First address: CA74F1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Special instruction interceptor: First address: D2AA77 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Special instruction interceptor: First address: C9B6BB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AF801B rdtsc 0_2_00AF801B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe TID: 936 Thread sleep time: -120000s >= -30000s
Source: 44EPDJT1V8.exe, 44EPDJT1V8.exe, 00000000.00000002.2182383425.0000000000C7C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 44EPDJT1V8.exe, 00000000.00000002.2183677507.0000000001337000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: 44EPDJT1V8.exe, 00000000.00000002.2183776055.000000000138B000.00000004.00000020.00020000.00000000.sdmp, 44EPDJT1V8.exe, 00000000.00000003.2178644135.000000000138B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 44EPDJT1V8.exe, 00000000.00000002.2182383425.0000000000C7C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\44EPDJT1V8.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\44EPDJT1V8.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\44EPDJT1V8.exe File opened: NTICE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe File opened: SICE
Source: C:\Users\user\Desktop\44EPDJT1V8.exe File opened: SIWVID
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00AF801B rdtsc 0_2_00AF801B
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Code function: 0_2_00ADC1F0 LdrInitializeThunk, 0_2_00ADC1F0

HIPS / PFW / Operating System Protection Evasion

Source: 44EPDJT1V8.exe, 44EPDJT1V8.exe, 00000000.00000002.2182670472.0000000000CC6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: '%Program Manager
Source: C:\Users\user\Desktop\44EPDJT1V8.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR