Windows Analysis Report
mgEXk8ip26.exe

Overview

General Information

Sample name:	mgEXk8ip26.exe renamed because original name is a hash value
Original sample name:	f54dd0914c65108d5f72049dc5490f53.exe
Analysis ID:	1579774
MD5:	f54dd0914c65108d5f72049dc5490f53
SHA1:	2698c99f98e65b28f31f9bdc0e68b6941de38f2a
SHA256:	4a2803914a4269806a4cb5525ec40edaf2274e496d0e9d87be9988d1da4b02d5
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mgEXk8ip26.exe

Avira: detected

Found malware configuration

Source: mgEXk8ip26.exe.7352.1.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "grannyejh.lat", "sustainskelet.lat", "aspecteirs.lat", "energyaffai.lat", "sweepyribs.lat", "rapeflowwj.lat"], "Build id": "PsFKDg--pablo"}

Multi AV Scanner detection for submitted file

Source: mgEXk8ip26.exe	Virustotal: Detection: 51%			Perma Link
Source: mgEXk8ip26.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: mgEXk8ip26.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rapeflowwj.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crosshuaht.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sustainskelet.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: aspecteirs.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: energyaffai.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacebudi.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: discokeyus.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: grannyejh.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sweepyribs.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Uses 32bit PE files

Source: mgEXk8ip26.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49718 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]	1_2_009FC767
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then lea edx, dword ptr [ecx+01h]	1_2_009CB70C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov edx, ecx	1_2_009C9C4A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, esi	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ebx], cx	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]	1_2_009D6263
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp dword ptr [00A0450Ch]	1_2_009D8591
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h	1_2_009F85E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp eax	1_2_009F85E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [00A0473Ch]	1_2_009DC653
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]	1_2_009DE7C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_009EA700
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, edx	1_2_009CC8B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+4B6A4A26h]	1_2_009CC8B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov edx, ecx	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then test eax, eax	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push ebx	1_2_009FCA93
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECAD0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECA49
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp al, 2Eh	1_2_009E6B95
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECB11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECB22
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_009DCB40
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_009DCB40
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_009E8B61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	1_2_009FECA0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [ebp-68h]	1_2_009E8D93
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, eax	1_2_009FAEC0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	1_2_009FEFB0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then xor byte ptr [esp+eax+17h], al	1_2_009C8F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], bl	1_2_009C8F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push C0BFD6CCh	1_2_009E3086
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push C0BFD6CCh	1_2_009E3086
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ecx], dx	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h	1_2_009FB1D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009FB1D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	1_2_009EB170
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ebx], ax	1_2_009DB2E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]	1_2_009D5220
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	1_2_009D7380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h	1_2_009DD380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	1_2_009FF330
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ecx], dx	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	1_2_009C74F0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	1_2_009C74F0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	1_2_009D7380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_009F5450
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then xor edi, edi	1_2_009D759F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, eax	1_2_009C9580
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ebp+00h], ax	1_2_009C9580
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov esi, eax	1_2_009D5799
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, eax	1_2_009D5799
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx eax, word ptr [edx]	1_2_009D97C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [edi], dx	1_2_009D97C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_009D97C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ecx], bp	1_2_009DD83A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp eax	1_2_009E984F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]	1_2_009E3860
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009C5990
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebp, eax	1_2_009C5990
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000080h]	1_2_009D79C1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push esi	1_2_009E7AD3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_009EDA53
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009CDBD9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009CDBD9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push 00000000h	1_2_009E9C2B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]	1_2_009D7DEE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp dword ptr [00A055F4h]	1_2_009E5E30
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov edx, ebp	1_2_009E5E70
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp ecx	1_2_009CBFFD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, ebx	1_2_009EDFE9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_009DBF14
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h]	1_2_009D9F30

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.6:63895 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.6:50654 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:53798 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.6:50275 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.6:53314 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.6:53448 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.6:50418 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.6:53102 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:63860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49716 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49718 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49718 -> 104.21.66.86:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: grannyejh.lat
Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: energyaffai.lat
Source: Malware configuration extractor	URLs: sweepyribs.lat
Source: Malware configuration extractor	URLs: rapeflowwj.lat

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.21.66.86 104.21.66.86
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49724 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49716 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49718 -> 104.21.66.86:443

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: s://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytim equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic	DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic	DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic	DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic	DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic	DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic	DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic	DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: lev-tolstoi.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.c
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aspecteirs.lat:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.co8
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.1
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.f
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.st
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steam
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamst
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamsta
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.
Source: mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/p
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/pg
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/c
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/sticker
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHV
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engl
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/pro
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.o
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientc
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://energyaffai.lat:443/apiT
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2232032860.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api%
Source: mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/pi
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com:443/api-
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/L
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytim
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.co
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steam
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.c
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/st
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49718 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: mgEXk8ip26.exe	Static PE information: section name:
Source: mgEXk8ip26.exe	Static PE information: section name: .idata
Source: mgEXk8ip26.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C8850	1_2_009C8850
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CACF0	1_2_009CACF0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2A0A3	1_2_00A2A0A3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF00A8	1_2_00AF00A8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9A0BE	1_2_00A9A0BE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B360AF	1_2_00B360AF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADA080	1_2_00ADA080
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22094	1_2_00A22094
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B120F6	1_2_00B120F6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A640F7	1_2_00A640F7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3E0F1	1_2_00A3E0F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACA0F6	1_2_00ACA0F6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE00F3	1_2_00AE00F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2C033	1_2_00B2C033
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B08032	1_2_00B08032
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3A028	1_2_00A3A028
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6003C	1_2_00A6003C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7603A	1_2_00A7603A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5E009	1_2_00A5E009
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9401B	1_2_00A9401B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACC01E	1_2_00ACC01E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6C06A	1_2_00A6C06A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0E062	1_2_00B0E062
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28071	1_2_00A28071
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC049	1_2_00AEC049
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6042	1_2_00AF6042
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24046	1_2_00B24046
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC81A4	1_2_00AC81A4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E2190	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3E1A4	1_2_00B3E1A4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A26181	1_2_00A26181
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198	1_2_00B24198
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A42188	1_2_00A42188
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5219E	1_2_00A5219E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0C1E3	1_2_00B0C1E3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B041E6	1_2_00B041E6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E41C0	1_2_009E41C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA41F4	1_2_00AA41F4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABC1CF	1_2_00ABC1CF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADC1C6	1_2_00ADC1C6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA21DF	1_2_00AA21DF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A20121	1_2_00A20121
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD612A	1_2_00AD612A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A98109	1_2_00A98109
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB0109	1_2_00AB0109
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1A11F	1_2_00B1A11F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC211A	1_2_00AC211A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A34118	1_2_00A34118
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9416E	1_2_00A9416E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD816A	1_2_00AD816A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66168	1_2_00A66168
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A48174	1_2_00A48174
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A82170	1_2_00A82170
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A56179	1_2_00A56179
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFC14E	1_2_00AFC14E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A70157	1_2_00A70157
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3214B	1_2_00B3214B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E	1_2_00A5A15E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A80155	1_2_00A80155
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DE290	1_2_009DE290
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C6280	1_2_009C6280
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1A293	1_2_00B1A293
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACE288	1_2_00ACE288
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7C28D	1_2_00A7C28D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A36293	1_2_00A36293
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A60293	1_2_00A60293
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6829E	1_2_00A6829E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4E29E	1_2_00A4E29E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8E2EB	1_2_00A8E2EB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB22E8	1_2_00AB22E8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A662FC	1_2_00A662FC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE82F4	1_2_00AE82F4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE42F1	1_2_00AE42F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A242C1	1_2_00A242C1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA	1_2_00B302DA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF82D2	1_2_00AF82D2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAA22A	1_2_00AAA22A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6620A	1_2_00A6620A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5C21D	1_2_00A5C21D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA0210	1_2_00AA0210
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEA26E	1_2_00AEA26E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B26271	1_2_00B26271
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD0268	1_2_00AD0268
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABA26D	1_2_00ABA26D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3026B	1_2_00A3026B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D6263	1_2_009D6263
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A383B5	1_2_00A383B5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B023AA	1_2_00B023AA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E4380	1_2_009E4380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3E393	1_2_00B3E393
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6398	1_2_00AF6398
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2A3ED	1_2_00A2A3ED
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009EC3FC	1_2_009EC3FC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B143DE	1_2_00B143DE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A723D5	1_2_00A723D5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3A3CD	1_2_00B3A3CD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1E338	1_2_00B1E338
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0433C	1_2_00B0433C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACC321	1_2_00ACC321
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABA325	1_2_00ABA325
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA833B	1_2_00AA833B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E830D	1_2_009E830D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B4232D	1_2_00B4232D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9E333	1_2_00A9E333
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009EA33F	1_2_009EA33F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6A300	1_2_00A6A300
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7430F	1_2_00A7430F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6E30C	1_2_00A6E30C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C8330	1_2_009C8330
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADE314	1_2_00ADE314
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C4320	1_2_009C4320
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB6317	1_2_00AB6317
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B06374	1_2_00B06374
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B22362	1_2_00B22362
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0C36F	1_2_00B0C36F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC34E	1_2_00AEC34E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9234A	1_2_00A9234A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5E4A7	1_2_00A5E4A7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACE4A8	1_2_00ACE4A8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2E4AB	1_2_00B2E4AB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEE4B4	1_2_00AEE4B4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAC4B6	1_2_00AAC4B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22480	1_2_00A22480
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF4486	1_2_00AF4486
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2A48B	1_2_00B2A48B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACA4FC	1_2_00ACA4FC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8A4FD	1_2_00A8A4FD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD64F5	1_2_00AD64F5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3E4DC	1_2_00A3E4DC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABE4D4	1_2_00ABE4D4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8C429	1_2_00A8C429
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A76423	1_2_00A76423
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1643D	1_2_00B1643D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC043C	1_2_00AC043C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A50430	1_2_00A50430
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8E434	1_2_00A8E434
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28406	1_2_00A28406
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFE409	1_2_00AFE409
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A70400	1_2_00A70400
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A24411	1_2_00A24411
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADA419	1_2_00ADA419
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A40461	1_2_00A40461
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD2463	1_2_00AD2463
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA647D	1_2_00AA647D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2C47E	1_2_00A2C47E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC645C	1_2_00AC645C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A44455	1_2_00A44455
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE0451	1_2_00AE0451
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3C5A7	1_2_00A3C5A7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A765A8	1_2_00A765A8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A94585	1_2_00A94585
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9C599	1_2_00A9C599
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF0594	1_2_00AF0594
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF85EF	1_2_00AF85EF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAA5EB	1_2_00AAA5EB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB85E3	1_2_00AB85E3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0A5E5	1_2_00B0A5E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A405F3	1_2_00A405F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2C5E5	1_2_00B2C5E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC25F3	1_2_00AC25F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B365CE	1_2_00B365CE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E2510	1_2_009E2510
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF253C	1_2_00AF253C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4A533	1_2_00A4A533
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD0533	1_2_00AD0533
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A56503	1_2_00A56503
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFA51B	1_2_00AFA51B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABC56B	1_2_00ABC56B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B20571	1_2_00B20571
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE256B	1_2_00AE256B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A84561	1_2_00A84561
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAE563	1_2_00AAE563
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A550	1_2_00A5A550
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A686A2	1_2_00A686A2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7C6AF	1_2_00A7C6AF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5C6B1	1_2_00A5C6B1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADE6B9	1_2_00ADE6B9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE86B8	1_2_00AE86B8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3468A	1_2_00A3468A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6682	1_2_00AF6682
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7E697	1_2_00A7E697
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A36698	1_2_00A36698
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A326EB	1_2_00A326EB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E66D0	1_2_009E66D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAE6F9	1_2_00AAE6F9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A746F1	1_2_00A746F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC6F9	1_2_00AEC6F9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E86C0	1_2_009E86C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A826CB	1_2_00A826CB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B006C1	1_2_00B006C1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B106CB	1_2_00B106CB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A786D8	1_2_00A786D8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA4629	1_2_00AA4629
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3A635	1_2_00B3A635
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A98635	1_2_00A98635
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE6603	1_2_00AE6603
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2E616	1_2_00A2E616
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB266A	1_2_00AB266A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE4666	1_2_00AE4666
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B4267F	1_2_00B4267F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6E656	1_2_00A6E656
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1E7B2	1_2_00B1E7B2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF27A5	1_2_00AF27A5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D8792	1_2_009D8792
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CA780	1_2_009CA780
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66780	1_2_00A66780
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7278D	1_2_00A7278D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAC787	1_2_00AAC787
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DE7C0	1_2_009DE7C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD07C9	1_2_00AD07C9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A907DA	1_2_00A907DA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA87DE	1_2_00AA87DE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA07D3	1_2_00AA07D3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2C7D9	1_2_00A2C7D9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB872D	1_2_00AB872D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C6710	1_2_009C6710
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2A72E	1_2_00A2A72E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0C723	1_2_00B0C723
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A60732	1_2_00A60732
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC6732	1_2_00AC6732
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A58708	1_2_00A58708
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1470E	1_2_00B1470E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A38766	1_2_00A38766
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B32767	1_2_00B32767
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8C77F	1_2_00A8C77F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A30759	1_2_00A30759
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD28AC	1_2_00AD28AC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B088B8	1_2_00B088B8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A568AF	1_2_00A568AF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD68B8	1_2_00AD68B8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3E8B9	1_2_00A3E8B9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CC8B6	1_2_009CC8B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1289F	1_2_00B1289F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADA8E9	1_2_00ADA8E9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A428F7	1_2_00A428F7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E88CB	1_2_009E88CB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB08F2	1_2_00AB08F2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8E8D8	1_2_00A8E8D8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B02833	1_2_00B02833
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B04839	1_2_00B04839
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F8810	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACC80A	1_2_00ACC80A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D682D	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A70813	1_2_00A70813
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3A872	1_2_00B3A872
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A50860	1_2_00A50860
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1687A	1_2_00B1687A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABE87B	1_2_00ABE87B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2A85D	1_2_00B2A85D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC89AC	1_2_00AC89AC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB49AA	1_2_00AB49AA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC9B5	1_2_00AEC9B5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8098C	1_2_00A8098C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A40981	1_2_00A40981
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A52980	1_2_00A52980
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA6985	1_2_00AA6985
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF499C	1_2_00AF499C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8899C	1_2_00A8899C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6A998	1_2_00A6A998
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3C9E6	1_2_00A3C9E6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFC9E7	1_2_00AFC9E7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADE9E2	1_2_00ADE9E2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A589F3	1_2_00A589F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A389C0	1_2_00A389C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB69CE	1_2_00AB69CE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE29C7	1_2_00AE29C7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABA9D3	1_2_00ABA9D3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A86928	1_2_00A86928
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A92921	1_2_00A92921
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5E92F	1_2_00A5E92F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAA90B	1_2_00AAA90B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E0939	1_2_009E0939
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28905	1_2_00A28905
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A90919	1_2_00A90919
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC0916	1_2_00AC0916
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A26919	1_2_00A26919
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2E970	1_2_00B2E970
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEE97F	1_2_00AEE97F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A96975	1_2_00A96975
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F0940	1_2_009F0940
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6C979	1_2_00A6C979
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A20942	1_2_00A20942
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABC94D	1_2_00ABC94D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5495F	1_2_00A5495F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEEAAE	1_2_00AEEAAE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACAABF	1_2_00ACAABF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B42A99	1_2_00B42A99
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB2A95	1_2_00AB2A95
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECAD0	1_2_009ECAD0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC6AF7	1_2_00AC6AF7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACEAF7	1_2_00ACEAF7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B18AD5	1_2_00B18AD5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD6ACA	1_2_00AD6ACA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A58ADF	1_2_00A58ADF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6A2E	1_2_00AF6A2E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CEA10	1_2_009CEA10
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC2A3C	1_2_00AC2A3C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6EA3A	1_2_00A6EA3A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A94A03	1_2_00A94A03
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADAA78	1_2_00ADAA78
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECA49	1_2_009ECA49
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB8A74	1_2_00AB8A74
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0CA6F	1_2_00B0CA6F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A24BA5	1_2_00A24BA5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A72BBB	1_2_00A72BBB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3ABBE	1_2_00A3ABBE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFEB8B	1_2_00AFEB8B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9CB8F	1_2_00A9CB8F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66B81	1_2_00A66B81
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3AB9F	1_2_00B3AB9F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B14B85	1_2_00B14B85
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AACBF4	1_2_00AACBF4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A74BC9	1_2_00A74BC9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A46B22	1_2_00A46B22
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECB11	1_2_009ECB11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A36B31	1_2_00A36B31
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F6B08	1_2_009F6B08
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AECB32	1_2_00AECB32
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADCB0F	1_2_00ADCB0F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2EB00	1_2_00A2EB00
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5CB0E	1_2_00A5CB0E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECB22	1_2_009ECB22
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABAB61	1_2_00ABAB61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B08B7C	1_2_00B08B7C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B30B7F	1_2_00B30B7F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E6B50	1_2_009E6B50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DCB40	1_2_009DCB40
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A88CAF	1_2_00A88CAF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009EAC90	1_2_009EAC90
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22CB9	1_2_00A22CB9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9EC81	1_2_00A9EC81
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA8C86	1_2_00AA8C86
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB4C90	1_2_00AB4C90
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FECA0	1_2_009FECA0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A92CEF	1_2_00A92CEF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A80CCB	1_2_00A80CCB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6CCCE	1_2_00A6CCCE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3EC2E	1_2_00A3EC2E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB0C38	1_2_00AB0C38
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A82C3C	1_2_00A82C3C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA2C3C	1_2_00AA2C3C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A30C03	1_2_00A30C03
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B12C11	1_2_00B12C11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A44C6D	1_2_00A44C6D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF0C42	1_2_00AF0C42
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C4C60	1_2_009C4C60
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADADA1	1_2_00ADADA1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0EDAE	1_2_00B0EDAE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2AD87	1_2_00A2AD87
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A68D8C	1_2_00A68D8C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B42D88	1_2_00B42D88
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3CD8C	1_2_00B3CD8C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5ADE5	1_2_00A5ADE5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2EDD3	1_2_00B2EDD3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A38DC6	1_2_00A38DC6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC8DC7	1_2_00AC8DC7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A98DC7	1_2_00A98DC7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5EDDD	1_2_00A5EDDD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7EDD8	1_2_00A7EDD8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE6DD1	1_2_00AE6DD1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC0D2A	1_2_00AC0D2A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6AD2A	1_2_00A6AD2A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3AD2B	1_2_00B3AD2B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A90D30	1_2_00A90D30
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A94D0F	1_2_00A94D0F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8AD1C	1_2_00A8AD1C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD4D6D	1_2_00AD4D6D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB6D6D	1_2_00AB6D6D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CCD46	1_2_009CCD46
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AECD48	1_2_00AECD48
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEED44	1_2_00AEED44
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A26D54	1_2_00A26D54
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A34EA0	1_2_00A34EA0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF4EA9	1_2_00AF4EA9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEAEBC	1_2_00AEAEBC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA0EB0	1_2_00AA0EB0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE0E81	1_2_00AE0E81
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B00E86	1_2_00B00E86
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66EE7	1_2_00A66EE7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABAEE7	1_2_00ABAEE7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACAEFD	1_2_00ACAEFD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB8EF9	1_2_00AB8EF9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FAEC0	1_2_009FAEC0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC0ECF	1_2_00AC0ECF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A76ECE	1_2_00A76ECE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B06EC3	1_2_00B06EC3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B22ECE	1_2_00B22ECE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B34E21	1_2_00B34E21
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B26E2E	1_2_00B26E2E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFCE32	1_2_00AFCE32
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE8E0F	1_2_00AE8E0F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B20E11	1_2_00B20E11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAAE0D	1_2_00AAAE0D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9AE16	1_2_00A9AE16
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD6E6F	1_2_00AD6E6F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28E61	1_2_00A28E61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0CE61	1_2_00B0CE61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A42E7F	1_2_00A42E7F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A56E47	1_2_00A56E47
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB4E43	1_2_00AB4E43
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F6E74	1_2_009F6E74
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE2E59	1_2_00AE2E59
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AECE50	1_2_00AECE50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A24FA6	1_2_00A24FA6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3AFA5	1_2_00A3AFA5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A54FAF	1_2_00A54FAF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B04FA8	1_2_00B04FA8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0AFAC	1_2_00B0AFAC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF0FB2	1_2_00AF0FB2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A46F87	1_2_00A46F87
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FEFB0	1_2_009FEFB0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A82F90	1_2_00A82F90
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A64FF2	1_2_00A64FF2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6CFDA	1_2_00A6CFDA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B10FCC	1_2_00B10FCC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE4F2B	1_2_00AE4F2B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B32F35	1_2_00B32F35
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8AF27	1_2_00A8AF27
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B28F21	1_2_00B28F21
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA8F34	1_2_00AA8F34
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB0F68	1_2_00AB0F68
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F8F59	1_2_009F8F59
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22F64	1_2_00A22F64
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B12F78	1_2_00B12F78
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C2F50	1_2_009C2F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E0F50	1_2_009E0F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC6F70	1_2_00AC6F70
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECF74	1_2_009ECF74
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A78F57	1_2_00A78F57
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3EF5C	1_2_00A3EF5C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF10A2	1_2_00AF10A2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B150BC	1_2_00B150BC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF30B0	1_2_00AF30B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC3085	1_2_00AC3085
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3F092	1_2_00A3F092
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B39081	1_2_00B39081
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF9091	1_2_00AF9091
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD30E5	1_2_00AD30E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A990E7	1_2_00A990E7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A830FB	1_2_00A830FB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A490F1	1_2_00A490F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3D0F4	1_2_00A3D0F4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A710C9	1_2_00A710C9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD9021	1_2_00AD9021
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0903E	1_2_00B0903E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8B072	1_2_00A8B072
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2D052	1_2_00B2D052
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4F048	1_2_00A4F048
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4D1B6	1_2_00A4D1B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEF1BC	1_2_00AEF1BC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF518F	1_2_00AF518F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C91B0	1_2_009C91B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2918F	1_2_00A2918F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A51188	1_2_00A51188
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A65192	1_2_00A65192
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E91DD	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAD1EF	1_2_00AAD1EF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FB1D0	1_2_009FB1D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB31F8	1_2_00AB31F8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E31C2	1_2_009E31C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A791F9	1_2_00A791F9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9F1F6	1_2_00A9F1F6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A351CA	1_2_00A351CA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6B1CD	1_2_00A6B1CD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF71DC	1_2_00AF71DC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD71D4	1_2_00AD71D4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3D1CC	1_2_00B3D1CC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A73137	1_2_00A73137
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABF135	1_2_00ABF135
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9510C	1_2_00A9510C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B37114	1_2_00B37114
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4510F	1_2_00A4510F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7B10B	1_2_00A7B10B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA311A	1_2_00AA311A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9D11C	1_2_00A9D11C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7511E	1_2_00A7511E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADB167	1_2_00ADB167
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1F16B	1_2_00B1F16B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8D148	1_2_00A8D148
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B412B0	1_2_00B412B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B032A1	1_2_00B032A1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A952BD	1_2_00A952BD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE7298	1_2_00AE7298
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5529A	1_2_00A5529A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E52DD	1_2_009E52DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACB2E9	1_2_00ACB2E9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AED2E3	1_2_00AED2E3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DB2E0	1_2_009DB2E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B05234	1_2_00B05234
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A69235	1_2_00A69235
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4123F	1_2_00A4123F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B7F212	1_2_00B7F212
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD1217	1_2_00AD1217
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB9217	1_2_00AB9217
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D5220	1_2_009D5220
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC9240	1_2_00AC9240
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFB252	1_2_00AFB252
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3B3AD	1_2_00A3B3AD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2D3B7	1_2_00A2D3B7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A33387	1_2_00A33387

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: String function: 009C8030 appears 44 times
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: String function: 009D4400 appears 65 times

Uses 32bit PE files

Source: mgEXk8ip26.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: mgEXk8ip26.exe	Static PE information: Section: ZLIB complexity 0.9973913741438356
Source: mgEXk8ip26.exe	Static PE information: Section: mafhbcbe ZLIB complexity 0.9949235744251088

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@11/2

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_009F0C70 CoCreateInstance,

1_2_009F0C70

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: mgEXk8ip26.exe	Virustotal: Detection: 51%
Source: mgEXk8ip26.exe	ReversingLabs: Detection: 57%

Source: mgEXk8ip26.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

File read: C:\Users\user\Desktop\mgEXk8ip26.exe

Jump to behavior

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: mgEXk8ip26.exe

Static file information: File size 1812480 > 1048576

Source: mgEXk8ip26.exe

Static PE information: Raw size of mafhbcbe is bigger than: 0x100000 < 0x192400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Unpacked PE file: 1.2.mgEXk8ip26.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mafhbcbe:EW;qztbpyyk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mafhbcbe:EW;qztbpyyk:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: mgEXk8ip26.exe

Static PE information: real checksum: 0x1c57bf should be: 0x1c574f

PE file contains sections with non-standard names

Source: mgEXk8ip26.exe	Static PE information: section name:
Source: mgEXk8ip26.exe	Static PE information: section name: .idata
Source: mgEXk8ip26.exe	Static PE information: section name:
Source: mgEXk8ip26.exe	Static PE information: section name: mafhbcbe
Source: mgEXk8ip26.exe	Static PE information: section name: qztbpyyk
Source: mgEXk8ip26.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A18561 push edi; mov dword ptr [esp], 491C642Ch	1_2_00A196E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A16081 push ecx; mov dword ptr [esp], esi	1_2_00A1677A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C16088 push edi; mov dword ptr [esp], 7D560DBBh	1_2_00C16126
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3608F push edi; mov dword ptr [esp], ebp	1_2_00C360B4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3608F push 222572B7h; mov dword ptr [esp], ecx	1_2_00C360FB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3608F push 4CD0390Fh; mov dword ptr [esp], eax	1_2_00C36125
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A16030 push edx; mov dword ptr [esp], edi	1_2_00A160FB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C1E1E2 push 4F87F313h; mov dword ptr [esp], ecx	1_2_00C1E37E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push edi; mov dword ptr [esp], esi	1_2_00B24648
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push ebp; mov dword ptr [esp], esi	1_2_00B2472B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push edx; mov dword ptr [esp], eax	1_2_00B24791
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push ebp; mov dword ptr [esp], ecx	1_2_00B2481C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C4A1EA push 26AFF980h; mov dword ptr [esp], ebp	1_2_00C4A22A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3019C push 4EE1FB50h; mov dword ptr [esp], esi	1_2_00C309A9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push edx; mov dword ptr [esp], ebx	1_2_00A1C13F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push eax; mov dword ptr [esp], edi	1_2_00A1D8B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push eax; mov dword ptr [esp], ebx	1_2_00A1D8C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push edi; mov dword ptr [esp], esp	1_2_00A1D8C4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ecx; mov dword ptr [esp], eax	1_2_00A5A591
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ebp; mov dword ptr [esp], ecx	1_2_00A5A634
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ebx; mov dword ptr [esp], 6B4D1EC6h	1_2_00A5A677
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 5A0E57DFh; mov dword ptr [esp], edx	1_2_00A5A686
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 4E191A61h; mov dword ptr [esp], ecx	1_2_00A5A6FF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 3980903Ch; mov dword ptr [esp], ebp	1_2_00A5A746
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ebp; mov dword ptr [esp], 70BD39AFh	1_2_00A5A762
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 08BED67Bh; mov dword ptr [esp], eax	1_2_00A5A77A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1615C push edx; mov dword ptr [esp], 43CDD200h	1_2_00A1615D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00BF62FF push 2EDA0CACh; mov dword ptr [esp], edi	1_2_00BF632C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA push 016678CBh; mov dword ptr [esp], edx	1_2_00B30884
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA push edx; mov dword ptr [esp], esi	1_2_00B308AE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA push 16BAC7B2h; mov dword ptr [esp], ebx	1_2_00B30985

Source: mgEXk8ip26.exe	Static PE information: section name: entropy: 7.9812986672482875
Source: mgEXk8ip26.exe	Static PE information: section name: mafhbcbe entropy: 7.954300989744655

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88B0A second address: B88B10 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88B10 second address: B88B36 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007FA398747046h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA39874704Fh 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88B36 second address: B88B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518360h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88E35 second address: B88E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88E3B second address: B88E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FA398518365h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007FA398518356h 0x00000013 popad 0x00000014 pushad 0x00000015 jnl 00007FA398518356h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A73E second address: B8A742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A801 second address: B8A816 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398518358h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A816 second address: B8A81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A81B second address: B8A820 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A820 second address: B8A846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA39874704Fh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 ja 00007FA398747046h 0x0000001b pop edi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A981 second address: B8A9D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FA398518361h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d add dword ptr [esp], 206E36A4h 0x00000014 sbb ecx, 5B76B333h 0x0000001a push 00000003h 0x0000001c movsx ecx, bx 0x0000001f jmp 00007FA39851835Eh 0x00000024 push 00000000h 0x00000026 mov dh, 07h 0x00000028 push 00000003h 0x0000002a add si, 1500h 0x0000002f adc cx, 21B8h 0x00000034 push 6E33C8EDh 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB0D second address: B8AB11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB11 second address: B8AB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 add dword ptr [esp], 692FD9D6h 0x0000000e pushad 0x0000000f stc 0x00000010 popad 0x00000011 push 00000003h 0x00000013 movzx ecx, bx 0x00000016 jmp 00007FA39851835Bh 0x0000001b push 00000000h 0x0000001d jmp 00007FA398518368h 0x00000022 push 00000003h 0x00000024 mov ecx, dword ptr [ebp+122D28B3h] 0x0000002a push C90E6240h 0x0000002f pushad 0x00000030 push ecx 0x00000031 jmp 00007FA39851835Bh 0x00000036 pop ecx 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB6A second address: B8AB8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 xor dword ptr [esp], 090E6240h 0x0000000d movsx ecx, si 0x00000010 lea ebx, dword ptr [ebp+124466ABh] 0x00000016 mov si, dx 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB8A second address: B8AB94 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAA4B4 second address: BAA4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAA4B8 second address: BAA4C8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518356h 0x00000008 je 00007FA398518356h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAA4C8 second address: BAA4E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398747057h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAB68 second address: BAAB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 jg 00007FA398518356h 0x0000000c pop ebx 0x0000000d jo 00007FA398518358h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAB82 second address: BAAB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FA398747046h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAB95 second address: BAAB99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAF9D second address: BAAFA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA398747046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAB13E second address: BAB160 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518368h 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FA398518356h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAB160 second address: BAB173 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA0FD3 second address: BA0FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518364h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA0FEF second address: BA0FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA0FF3 second address: BA1011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39851835Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FA39851835Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA1011 second address: BA101B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA39874704Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA101B second address: BA103A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FA398518356h 0x0000000e jmp 00007FA398518361h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABB2A second address: BABB34 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABB34 second address: BABB58 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FA398518365h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jl 00007FA398518356h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABB58 second address: BABB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39874704Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FA39874705Ah 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jc 00007FA398747046h 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCAF second address: BABCB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCB9 second address: BABCBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCBF second address: BABCC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCC3 second address: BABCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABE82 second address: BABE93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B81496 second address: B814CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 jmp 00007FA39874704Ah 0x0000000c jmp 00007FA39874704Bh 0x00000011 pop edi 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA39874704Fh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAC338 second address: BAC340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAC340 second address: BAC344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAF454 second address: BAF46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FA39851835Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAF46F second address: BAF473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB3843 second address: BB3847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB3847 second address: BB386F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA39874704Dh 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB386F second address: BB3873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB3873 second address: BB3877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB39D3 second address: BB39EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FA398518356h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB39EF second address: BB39F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB39F3 second address: BB3A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA39851835Bh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jg 00007FA398518368h 0x00000018 push eax 0x00000019 push edx 0x0000001a jnl 00007FA398518356h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB2383 second address: BB239D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C7C second address: BB8C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C80 second address: BB8C86 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C86 second address: BB8C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C91 second address: BB8CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push edx 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c jnc 00007FA398747046h 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8056 second address: BB805C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB81D4 second address: BB81D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB81D8 second address: BB81E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA39851835Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB81E6 second address: BB8206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 jmp 00007FA398747057h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8206 second address: BB820C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB820C second address: BB8213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB84FD second address: BB8505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8B32 second address: BB8B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB94F6 second address: BB954A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39851835Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FA398518363h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 pushad 0x00000016 jmp 00007FA398518365h 0x0000001b jnl 00007FA398518356h 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA39851835Bh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB954A second address: BB954E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9829 second address: BB982D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB982D second address: BB9833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9947 second address: BB9951 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9951 second address: BB9957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9A0B second address: BB9A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA076 second address: BBA089 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA200 second address: BBA217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518362h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA217 second address: BBA21D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA570 second address: BBA57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA75E second address: BBA77E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBABF5 second address: BBABFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBABFA second address: BBAC00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBAC00 second address: BBAC88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39851835Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, edx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FA398518358h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c sub esi, dword ptr [ebp+122D1A07h] 0x00000032 push eax 0x00000033 call 00007FA39851835Bh 0x00000038 mov dword ptr [ebp+122D3986h], edi 0x0000003e pop esi 0x0000003f pop edi 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FA398518358h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Dh 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c push eax 0x0000005d je 00007FA398518364h 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBAC88 second address: BBAC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBB687 second address: BBB6AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518367h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA398518356h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBC5E4 second address: BBC5E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBC5E8 second address: BBC5EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD0AA second address: BBD0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD0AE second address: BBD0B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD0B2 second address: BBD13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov si, bx 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FA398747048h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov di, si 0x0000002b jmp 00007FA398747057h 0x00000030 xchg eax, ebx 0x00000031 jmp 00007FA398747056h 0x00000036 push eax 0x00000037 pushad 0x00000038 jnc 00007FA398747054h 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA398747057h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD8CB second address: BBD8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBE343 second address: BBE37A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FA398747057h 0x00000013 jmp 00007FA398747051h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD8CF second address: BBD8D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBEE34 second address: BBEE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA398747059h 0x0000000a popad 0x0000000b push eax 0x0000000c jg 00007FA398747054h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBFB5C second address: BBFB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBEE5E second address: BBEE62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBFB60 second address: BBFBA1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA398518366h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov edi, edx 0x00000015 push 00000000h 0x00000017 mov esi, 1C19B1B1h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f xor esi, dword ptr [ebp+122D2AAFh] 0x00000025 pop edi 0x00000026 push eax 0x00000027 push ebx 0x00000028 jnp 00007FA39851835Ch 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC1B3E second address: BC1B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B78F6C second address: B78F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518366h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B758A5 second address: B758AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B758AE second address: B758B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B758B4 second address: B758BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC67ED second address: BC6802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA398518356h 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC7748 second address: BC7766 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747053h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC7766 second address: BC776C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC691D second address: BC6921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC877E second address: BC878B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC878B second address: BC8795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA398747046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC8795 second address: BC87E9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub ebx, 5780B40Fh 0x0000000f mov dword ptr [ebp+122D2786h], eax 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007FA398518358h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 sub edi, dword ptr [ebp+122D295Bh] 0x00000037 push 00000000h 0x00000039 jmp 00007FA39851835Bh 0x0000003e add dword ptr [ebp+122D23FBh], ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 push edi 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC9930 second address: BC99B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA398747046h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 adc di, B803h 0x0000001b mov dword ptr [ebp+122D1837h], ebx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push ebp 0x0000002b call 00007FA398747048h 0x00000030 pop ebp 0x00000031 mov dword ptr [esp+04h], ebp 0x00000035 add dword ptr [esp+04h], 00000016h 0x0000003d inc ebp 0x0000003e push ebp 0x0000003f ret 0x00000040 pop ebp 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D27A9h], esi 0x00000048 mov eax, dword ptr [ebp+122D0041h] 0x0000004e push 00000000h 0x00000050 push edx 0x00000051 call 00007FA398747048h 0x00000056 pop edx 0x00000057 mov dword ptr [esp+04h], edx 0x0000005b add dword ptr [esp+04h], 00000018h 0x00000063 inc edx 0x00000064 push edx 0x00000065 ret 0x00000066 pop edx 0x00000067 ret 0x00000068 mov dword ptr [ebp+122D27B3h], esi 0x0000006e push FFFFFFFFh 0x00000070 and di, 5E70h 0x00000075 nop 0x00000076 pushad 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC99B4 second address: BC99EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 je 00007FA398518367h 0x0000000b jmp 00007FA398518361h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA398518367h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC99EC second address: BC99FA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCC82D second address: BCC8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39851835Ah 0x00000009 popad 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ebx, dword ptr [ebp+122D29CFh] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007FA398518358h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 mov dword ptr [ebp+1246C1CFh], esi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007FA398518358h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 sub dword ptr [ebp+122D265Dh], esi 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b js 00007FA39851835Ch 0x00000061 jbe 00007FA398518356h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCC8A5 second address: BCC8AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCD7C9 second address: BCD7E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518364h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCD7E1 second address: BCD7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEA35 second address: BCEA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCF9D7 second address: BCFA66 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FA398747048h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edi 0x0000002a call 00007FA398747048h 0x0000002f pop edi 0x00000030 mov dword ptr [esp+04h], edi 0x00000034 add dword ptr [esp+04h], 0000001Bh 0x0000003c inc edi 0x0000003d push edi 0x0000003e ret 0x0000003f pop edi 0x00000040 ret 0x00000041 sub dword ptr [ebp+122D3443h], ebx 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push ebx 0x0000004c call 00007FA398747048h 0x00000051 pop ebx 0x00000052 mov dword ptr [esp+04h], ebx 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc ebx 0x0000005f push ebx 0x00000060 ret 0x00000061 pop ebx 0x00000062 ret 0x00000063 xchg eax, esi 0x00000064 js 00007FA39874705Bh 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007FA39874704Dh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCDAE0 second address: BCDAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD195C second address: BD1961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD27FA second address: BD2883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 nop 0x00000009 mov ebx, esi 0x0000000b push 00000000h 0x0000000d and edi, dword ptr [ebp+122D2837h] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007FA398518358h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D3794h], esi 0x00000035 mov bl, B6h 0x00000037 xchg eax, esi 0x00000038 push ebx 0x00000039 pushad 0x0000003a jmp 00007FA398518367h 0x0000003f push eax 0x00000040 pop eax 0x00000041 popad 0x00000042 pop ebx 0x00000043 push eax 0x00000044 pushad 0x00000045 jl 00007FA398518366h 0x0000004b jmp 00007FA398518360h 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FA398518362h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD7457 second address: BD7461 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBC1 second address: BCEBCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBCA second address: BCEBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBD6 second address: BCEBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBDA second address: BCEBDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBDE second address: BCEC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push dword ptr fs:[00000000h] 0x0000000f stc 0x00000010 mov dword ptr fs:[00000000h], esp 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FA398518358h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov eax, dword ptr [ebp+122D0EF5h] 0x00000037 mov edi, eax 0x00000039 push FFFFFFFFh 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007FA398518358h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 00000014h 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 mov dword ptr [ebp+1247CDFAh], eax 0x0000005b push eax 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f jns 00007FA398518356h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDD4BA second address: BDD4D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA398747056h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDD4D8 second address: BDD4DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDD4DC second address: BDD4F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FA39874704Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDCBAD second address: BDCBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FA39851835Eh 0x0000000d pushad 0x0000000e popad 0x0000000f jp 00007FA398518356h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA398518364h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDCBDA second address: BDCBDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE46F9 second address: BE470B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 ja 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4DA3 second address: BE4DCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA398747058h 0x00000008 jne 00007FA398747046h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4DCD second address: BE4DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4DD2 second address: BE4E00 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA398747048h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 js 00007FA398747053h 0x00000016 push edx 0x00000017 jmp 00007FA39874704Bh 0x0000001c pop edx 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 ja 00007FA398747046h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4E00 second address: BE4E0D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4E0D second address: BE4E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4F1A second address: BE4F1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4F1E second address: BE4F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4F2F second address: BE4F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA398518363h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FA398518366h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE5149 second address: A17B18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747055h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jmp 00007FA39874704Ch 0x0000000f push dword ptr [ebp+122D03B1h] 0x00000015 jg 00007FA39874705Ch 0x0000001b call dword ptr [ebp+122D2CCAh] 0x00000021 pushad 0x00000022 pushad 0x00000023 sub dword ptr [ebp+122D3632h], ecx 0x00000029 pushad 0x0000002a movsx ecx, si 0x0000002d mov dx, 5821h 0x00000031 popad 0x00000032 popad 0x00000033 xor eax, eax 0x00000035 mov dword ptr [ebp+122D3632h], esi 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f pushad 0x00000040 jnp 00007FA398747055h 0x00000046 call 00007FA39874704Eh 0x0000004b pop edi 0x0000004c mov edx, dword ptr [ebp+122D2A1Bh] 0x00000052 popad 0x00000053 mov dword ptr [ebp+122D2A77h], eax 0x00000059 mov dword ptr [ebp+122D2F6Ah], ecx 0x0000005f mov esi, 0000003Ch 0x00000064 pushad 0x00000065 xor dword ptr [ebp+122D18E1h], esi 0x0000006b sub bx, BBC6h 0x00000070 popad 0x00000071 add esi, dword ptr [esp+24h] 0x00000075 mov dword ptr [ebp+122D2F6Ah], eax 0x0000007b lodsw 0x0000007d jnp 00007FA39874704Ch 0x00000083 sub dword ptr [ebp+122D1858h], edx 0x00000089 add eax, dword ptr [esp+24h] 0x0000008d add dword ptr [ebp+122D1858h], edx 0x00000093 mov ebx, dword ptr [esp+24h] 0x00000097 jl 00007FA39874705Eh 0x0000009d push eax 0x0000009e push eax 0x0000009f push edx 0x000000a0 jmp 00007FA39874704Eh 0x000000a5 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BEA0E9 second address: BEA125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FA39851835Fh 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e popad 0x0000000f jl 00007FA39851837Eh 0x00000015 jmp 00007FA398518364h 0x0000001a pushad 0x0000001b jg 00007FA398518356h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BEA125 second address: BEA12B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9315 second address: BE9337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FA39851836Dh 0x0000000b jmp 00007FA398518361h 0x00000010 jne 00007FA398518356h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9337 second address: BE9354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398747059h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9354 second address: BE9358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9358 second address: BE9380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007FA39874704Ch 0x0000001a jp 00007FA398747046h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9380 second address: BE9396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398518362h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9AC9 second address: BE9ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9ACD second address: BE9AE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA398518367h 0x0000000c jmp 00007FA39851835Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9DDC second address: BE9DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0650 second address: BF0654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0654 second address: BF0678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA398747059h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC39D7 second address: BC39DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC39DC second address: BA0FD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007FA398747058h 0x00000012 lea eax, dword ptr [ebp+1247F761h] 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FA398747048h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 nop 0x00000033 jg 00007FA39874704Eh 0x00000039 push eax 0x0000003a jmp 00007FA398747054h 0x0000003f nop 0x00000040 push 00000000h 0x00000042 push ecx 0x00000043 call 00007FA398747048h 0x00000048 pop ecx 0x00000049 mov dword ptr [esp+04h], ecx 0x0000004d add dword ptr [esp+04h], 00000019h 0x00000055 inc ecx 0x00000056 push ecx 0x00000057 ret 0x00000058 pop ecx 0x00000059 ret 0x0000005a mov ecx, dword ptr [ebp+122D2953h] 0x00000060 mov dword ptr [ebp+12441072h], eax 0x00000066 call dword ptr [ebp+122D2672h] 0x0000006c pushad 0x0000006d jno 00007FA398747048h 0x00000073 jp 00007FA39874704Eh 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4004 second address: BC400E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC40EB second address: BC40F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42AE second address: BC42D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edx 0x00000011 push edi 0x00000012 jo 00007FA398518356h 0x00000018 pop edi 0x00000019 pop edx 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jc 00007FA39851835Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42D4 second address: BC42D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42D8 second address: BC42EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42EC second address: BC42F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42F1 second address: BC42F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC43AF second address: BC43B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4890 second address: BC4902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FA398518356h 0x00000009 jmp 00007FA398518363h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 js 00007FA39851835Ah 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c nop 0x0000001d mov di, cx 0x00000020 mov cl, 30h 0x00000022 push 0000001Eh 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007FA398518358h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e add dh, FFFFFFA2h 0x00000041 mov dl, ch 0x00000043 push eax 0x00000044 push ecx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FA398518368h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4902 second address: BC4906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4A01 second address: BC4A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCFC86 second address: BCFC90 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCFC90 second address: BCFC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD1AF9 second address: BD1AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD2A7B second address: BD2A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD2A84 second address: BD2A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD2A88 second address: BD2A8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD5B5C second address: BD5B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B43 second address: BC4B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B47 second address: BC4B5D instructions: 0x00000000 rdtsc 0x00000002 je 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jng 00007FA398747046h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B5D second address: BC4B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B63 second address: BC4B75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B75 second address: BC4B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 je 00007FA398518356h 0x0000000c pop edx 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 push ecx 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jl 00007FA39851835Ch 0x00000022 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4C64 second address: BA1C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 mov dword ptr [ebp+122D2E9Bh], esi 0x0000000d lea eax, dword ptr [ebp+1247F761h] 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FA398747048h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D27A9h], edi 0x00000033 nop 0x00000034 pushad 0x00000035 jmp 00007FA398747057h 0x0000003a push edi 0x0000003b jp 00007FA398747046h 0x00000041 pop edi 0x00000042 popad 0x00000043 push eax 0x00000044 jo 00007FA39874704Ah 0x0000004a push esi 0x0000004b pushad 0x0000004c popad 0x0000004d pop esi 0x0000004e nop 0x0000004f xor dword ptr [ebp+122D19BBh], edi 0x00000055 call dword ptr [ebp+12446C7Ch] 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FA39874704Fh 0x00000062 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0C2F second address: BF0C47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518364h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0C47 second address: BF0C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0DA1 second address: BF0DBC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jbe 00007FA398518356h 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007FA39851835Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0DBC second address: BF0DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747056h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FA398747051h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF10BB second address: BF10ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b jmp 00007FA398518368h 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF10ED second address: BF10F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF611F second address: BF6125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6125 second address: BF6129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6129 second address: BF612D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6943 second address: BF697D instructions: 0x00000000 rdtsc 0x00000002 js 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FA398747070h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF697D second address: BF6987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA398518356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6AE6 second address: BF6AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6FAB second address: BF6FCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518366h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FA39851835Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BFC1F7 second address: BFC1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BFC1FB second address: BFC20C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jbe 00007FA398518356h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BFC20C second address: BFC242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA398747046h 0x0000000a js 00007FA398747046h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FA39874704Eh 0x00000019 jmp 00007FA398747055h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C01F09 second address: C01F19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA39851835Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C01F19 second address: C01F24 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00906 second address: C00921 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398518356h 0x00000008 jmp 00007FA398518361h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00921 second address: C00930 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FA398747046h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00A5E second address: C00A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA398518356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00A68 second address: C00A70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C011AA second address: C011B4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518367h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C014A8 second address: C014AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C018BB second address: C018CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 jc 00007FA398518360h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C01D6E second address: C01D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 js 00007FA398747046h 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C078B2 second address: C078B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C078B6 second address: C078C2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C070ED second address: C070F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA398518356h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C070F9 second address: C0713A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FA398747057h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FA398747058h 0x00000016 popad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0713A second address: C07140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C072A0 second address: C072CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA398747048h 0x00000013 pushad 0x00000014 jo 00007FA398747046h 0x0000001a pushad 0x0000001b popad 0x0000001c jbe 00007FA398747046h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C072CC second address: C072EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518366h 0x00000007 jl 00007FA398518362h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C072EC second address: C072F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BC2B second address: C0BC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BC2F second address: C0BC62 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA398747057h 0x0000000b pushad 0x0000000c jmp 00007FA398747053h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BDDE second address: C0BDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BDE3 second address: C0BDE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BDE9 second address: C0BDED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C09C second address: C0C0AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C0AA second address: C0C0B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C0B1 second address: C0C0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C0B7 second address: C0C0C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA398518356h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10C52 second address: C10C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 ja 00007FA398747046h 0x0000000c jp 00007FA398747046h 0x00000012 jns 00007FA398747046h 0x00000018 popad 0x00000019 pop ebx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d jo 00007FA398747046h 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10C77 second address: C10C98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FA398518368h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10E0F second address: C10E19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10E19 second address: C10E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10E1D second address: C10E21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10F9C second address: C10FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FA0 second address: C10FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FB3 second address: C10FB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FB9 second address: C10FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FBF second address: C10FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4669 second address: BC466D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C114D7 second address: C114DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1161A second address: C11622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C11622 second address: C1162D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1162D second address: C11631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C11631 second address: C11652 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518363h 0x0000000d jnc 00007FA398518356h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C11652 second address: C11656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C12051 second address: C12090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FA398518368h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jnc 00007FA398518356h 0x00000014 popad 0x00000015 pop esi 0x00000016 pushad 0x00000017 jmp 00007FA398518362h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C157AC second address: C157CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39874704Ah 0x00000009 jmp 00007FA398747050h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15913 second address: C15930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518366h 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D1C second address: C15D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D27 second address: C15D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D2B second address: C15D2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D2F second address: C15D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D8EE second address: C1D8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D8F4 second address: C1D908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FA39851835Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D908 second address: C1D911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B84C second address: C1B851 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B851 second address: C1B873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747055h 0x00000009 pop esi 0x0000000a jnp 00007FA398747052h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B9ED second address: C1B9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B9F1 second address: C1BA0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747055h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BA0C second address: C1BA12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BA12 second address: C1BA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BE63 second address: C1BE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA39851835Eh 0x0000000b jmp 00007FA39851835Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BE86 second address: C1BE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D346 second address: C1D34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D34A second address: C1D359 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007FA39874704Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D359 second address: C1D368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007FA398518356h 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C260DC second address: C260E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA398747046h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C263FD second address: C2640A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FA398518356h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2640A second address: C26410 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26573 second address: C2657C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2657C second address: C2659A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA398747057h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C268D8 second address: C268DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26CEC second address: C26CFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26CFF second address: C26D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26D05 second address: C26D1D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA39874704Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007FA398747046h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26D1D second address: C26D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2CF34 second address: C2CF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747055h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2CF4D second address: C2CF56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D0AD second address: C2D0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D0B1 second address: C2D0EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518363h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007FA398518356h 0x00000010 jne 00007FA398518356h 0x00000016 jc 00007FA398518356h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jns 00007FA398518356h 0x00000025 jmp 00007FA39851835Ah 0x0000002a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D370 second address: C2D38F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D38F second address: C2D395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D395 second address: C2D3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D3A4 second address: C2D3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D841 second address: C2D845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D845 second address: C2D84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D995 second address: C2D9A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9A6 second address: C2D9B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA39851835Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9B6 second address: C2D9CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA39874704Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9CE second address: C2D9D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9D2 second address: C2D9D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2DC5D second address: C2DC61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2E479 second address: C2E47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2E47D second address: C2E489 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C361B5 second address: C361D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C35F40 second address: C35F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C3D3C2 second address: C3D3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C4661D second address: C46623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46623 second address: C46627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46627 second address: C46645 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA398518360h 0x0000000b js 00007FA398518362h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46645 second address: C4664B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46330 second address: C46336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C47C84 second address: C47C94 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA398747046h 0x00000008 je 00007FA398747046h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5111A second address: C5111E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5111E second address: C51124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C51124 second address: C51143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518367h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C51143 second address: C51166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747052h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d push edi 0x0000000e je 00007FA398747046h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5409C second address: C540A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5A131 second address: C5A136 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5D54E second address: C5D567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA398518356h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA398518356h 0x00000013 jns 00007FA398518356h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5D567 second address: C5D587 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FA398747057h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62B47 second address: C62B4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62B4F second address: C62B55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62B55 second address: C62B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62D23 second address: C62D2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62E88 second address: C62E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C6343D second address: C63443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68C31 second address: C68C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68C35 second address: C68C43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68DC1 second address: C68DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA398518356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68DCB second address: C68DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C6A70A second address: C6A710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C6A710 second address: C6A717 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C74A5E second address: C74A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007FA39851835Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C74A73 second address: C74A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C8657E second address: C86582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C86582 second address: C8658A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C860DC second address: C860E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C860E4 second address: C860FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA398747050h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C8625F second address: C8628D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA398518368h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C8628D second address: C86292 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C86292 second address: C862BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518365h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9A96C second address: C9A997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA398747052h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jc 00007FA398747046h 0x00000010 popad 0x00000011 push ebx 0x00000012 jmp 00007FA39874704Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9AC67 second address: C9AC77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jne 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9AC77 second address: C9AC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA398747046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9AC81 second address: C9ACA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FA398518363h 0x0000000d jmp 00007FA39851835Dh 0x00000012 jl 00007FA398518358h 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9ACA7 second address: C9ACAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9ACAD second address: C9ACB7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B376 second address: C9B37C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B37C second address: C9B394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA39851835Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B394 second address: C9B398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B398 second address: C9B39C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B4DF second address: C9B508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jmp 00007FA39874704Ch 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B644 second address: C9B64A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B64A second address: C9B64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B64E second address: C9B654 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B654 second address: C9B65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B65D second address: C9B663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA11AF second address: CA11B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA1413 second address: CA1431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA1431 second address: CA143E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jp 00007FA39874704Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA143E second address: CA149D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007FA398518358h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 00000014h 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 mov dh, 3Ch 0x00000022 push 00000004h 0x00000024 push 00000000h 0x00000026 push ebp 0x00000027 call 00007FA398518358h 0x0000002c pop ebp 0x0000002d mov dword ptr [esp+04h], ebp 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc ebp 0x0000003a push ebp 0x0000003b ret 0x0000003c pop ebp 0x0000003d ret 0x0000003e mov edx, 01EA4B11h 0x00000043 mov dx, bx 0x00000046 xor edx, dword ptr [ebp+122D265Dh] 0x0000004c push 991CC149h 0x00000051 push eax 0x00000052 push edx 0x00000053 push edi 0x00000054 pushad 0x00000055 popad 0x00000056 pop edi 0x00000057 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA1688 second address: CA1708 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA398747046h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jno 00007FA39874704Ch 0x00000017 push dword ptr [ebp+122D3761h] 0x0000001d movsx edx, cx 0x00000020 mov dword ptr [ebp+12469DCBh], edx 0x00000026 call 00007FA398747049h 0x0000002b jmp 00007FA39874704Fh 0x00000030 push eax 0x00000031 jmp 00007FA398747050h 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push esi 0x0000003b jne 00007FA398747048h 0x00000041 push esi 0x00000042 pop esi 0x00000043 pop esi 0x00000044 mov eax, dword ptr [eax] 0x00000046 push esi 0x00000047 jmp 00007FA39874704Ch 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], eax 0x00000051 jg 00007FA398747054h 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA30F6 second address: CA30FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA30FA second address: CA3103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA3103 second address: CA3109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA3109 second address: CA311C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 jns 00007FA398747046h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBC40B second address: BBC413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: A17B98 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: A17A72 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: BB392A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: C386C2 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_00A182EA rdtsc

1_2_00A182EA

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\mgEXk8ip26.exe TID: 7528

Thread sleep time: -90000s >= -30000s

Jump to behavior

Source: mgEXk8ip26.exe, mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: NTICE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: SICE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Process queried: DebugPort	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_00A182EA rdtsc

1_2_00A182EA

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_009FC1F0 LdrInitializeThunk,

1_2_009FC1F0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: mgEXk8ip26.exe	String found in binary or memory: rapeflowwj.lat
Source: mgEXk8ip26.exe	String found in binary or memory: sustainskelet.lat
Source: mgEXk8ip26.exe	String found in binary or memory: crosshuaht.lat
Source: mgEXk8ip26.exe	String found in binary or memory: energyaffai.lat
Source: mgEXk8ip26.exe	String found in binary or memory: aspecteirs.lat
Source: mgEXk8ip26.exe	String found in binary or memory: discokeyus.lat
Source: mgEXk8ip26.exe	String found in binary or memory: necklacebudi.lat
Source: mgEXk8ip26.exe	String found in binary or memory: sweepyribs.lat
Source: mgEXk8ip26.exe	String found in binary or memory: grannyejh.lat

Source: mgEXk8ip26.exe, mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: nI\uProgram Manager
Source: mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: onI\uProgram Manager

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.66.86	lev-tolstoi.com	United States		13335	CLOUDFLARENETUS	false
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

Contacted Domains

Name	IP	Active
steamcommunity.com	104.102.49.254	true
lev-tolstoi.com	104.21.66.86	true
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
sustainskelet.lat	unknown	unknown
crosshuaht.lat	unknown	unknown
rapeflowwj.lat	unknown	unknown
grannyejh.lat	unknown	unknown
aspecteirs.lat	unknown	unknown
sweepyribs.lat	unknown	unknown
discokeyus.lat	unknown	unknown
energyaffai.lat	unknown	unknown
necklacebudi.lat	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
aspecteirs.lat	false	high
sweepyribs.lat	false	high
sustainskelet.lat	false	high
rapeflowwj.lat	false	high
https://steamcommunity.com/profiles/76561199724331900	false	high
energyaffai.lat	false	high
https://lev-tolstoi.com/api	false	high
grannyejh.lat	false	high
necklacebudi.lat	false	high
crosshuaht.lat	false	high

AV Detection

Antivirus / Scanner detection for submitted sample

Source: mgEXk8ip26.exe

Avira: detected

Found malware configuration

Source: mgEXk8ip26.exe.7352.1.memstrmin

Multi AV Scanner detection for submitted file

Source: mgEXk8ip26.exe	Virustotal: Detection: 51%			Perma Link
Source: mgEXk8ip26.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: mgEXk8ip26.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: rapeflowwj.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: crosshuaht.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sustainskelet.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: aspecteirs.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: energyaffai.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: necklacebudi.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: discokeyus.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: grannyejh.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: sweepyribs.lat
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: PsFKDg--pablo

Uses 32bit PE files

Source: mgEXk8ip26.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49718 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]	1_2_009FC767
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then lea edx, dword ptr [ecx+01h]	1_2_009CB70C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov edx, ecx	1_2_009C9C4A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, esi	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ebx], cx	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]	1_2_009D6263
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp dword ptr [00A0450Ch]	1_2_009D8591
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h	1_2_009F85E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp eax	1_2_009F85E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [00A0473Ch]	1_2_009DC653
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]	1_2_009DE7C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_009EA700
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, edx	1_2_009CC8B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+4B6A4A26h]	1_2_009CC8B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov edx, ecx	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then test eax, eax	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push ebx	1_2_009FCA93
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECAD0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECA49
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp al, 2Eh	1_2_009E6B95
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECB11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], cl	1_2_009ECB22
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_009DCB40
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_009DCB40
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_009E8B61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	1_2_009FECA0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [ebp-68h]	1_2_009E8D93
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, eax	1_2_009FAEC0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]	1_2_009FEFB0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then xor byte ptr [esp+eax+17h], al	1_2_009C8F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [edi], bl	1_2_009C8F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push C0BFD6CCh	1_2_009E3086
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push C0BFD6CCh	1_2_009E3086
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ecx], dx	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h	1_2_009FB1D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009FB1D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	1_2_009EB170
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ebx], ax	1_2_009DB2E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]	1_2_009D5220
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	1_2_009D7380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h	1_2_009DD380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	1_2_009FF330
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ecx], dx	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-20h]	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	1_2_009C74F0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	1_2_009C74F0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]	1_2_009D7380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_009F5450
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then xor edi, edi	1_2_009D759F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, eax	1_2_009C9580
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ebp+00h], ax	1_2_009C9580
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov esi, eax	1_2_009D5799
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, eax	1_2_009D5799
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx eax, word ptr [edx]	1_2_009D97C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [edi], dx	1_2_009D97C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [esi], cx	1_2_009D97C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov word ptr [ecx], bp	1_2_009DD83A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp eax	1_2_009E984F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]	1_2_009E3860
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009C5990
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebp, eax	1_2_009C5990
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000080h]	1_2_009D79C1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push esi	1_2_009E7AD3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_009EDA53
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009CDBD9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ebx, eax	1_2_009CDBD9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then push 00000000h	1_2_009E9C2B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]	1_2_009D7DEE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp dword ptr [00A055F4h]	1_2_009E5E30
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov edx, ebp	1_2_009E5E70
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then jmp ecx	1_2_009CBFFD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov ecx, ebx	1_2_009EDFE9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_009DBF14
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h]	1_2_009D9F30

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.6:63895 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.6:50654 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:53798 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.6:50275 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.6:53314 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.6:53448 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.6:50418 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.6:53102 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:63860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49716 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49718 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49718 -> 104.21.66.86:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: grannyejh.lat
Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: energyaffai.lat
Source: Malware configuration extractor	URLs: sweepyribs.lat
Source: Malware configuration extractor	URLs: rapeflowwj.lat

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.21.66.86 104.21.66.86
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49724 -> 104.21.66.86:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49716 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49718 -> 104.21.66.86:443

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic	DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic	DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic	DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic	DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic	DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic	DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic	DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: lev-tolstoi.com

Source: unknown

Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.c
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aspecteirs.lat:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.co8
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.1
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.f
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.st
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steam
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamst
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamsta
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.
Source: mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/p
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/pg
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/c
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/sticker
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHV
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engl
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/pro
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.o
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientc
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://energyaffai.lat:443/apiT
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2232032860.000000000141B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/api%
Source: mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com/pi
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lev-tolstoi.com:443/api-
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/L
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytim
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.co
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steam
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.c
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/st
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat:443/api
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49718 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: mgEXk8ip26.exe	Static PE information: section name:
Source: mgEXk8ip26.exe	Static PE information: section name: .idata
Source: mgEXk8ip26.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C8850	1_2_009C8850
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CACF0	1_2_009CACF0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2A0A3	1_2_00A2A0A3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF00A8	1_2_00AF00A8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9A0BE	1_2_00A9A0BE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B360AF	1_2_00B360AF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADA080	1_2_00ADA080
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22094	1_2_00A22094
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B120F6	1_2_00B120F6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A640F7	1_2_00A640F7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3E0F1	1_2_00A3E0F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACA0F6	1_2_00ACA0F6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE00F3	1_2_00AE00F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2C033	1_2_00B2C033
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B08032	1_2_00B08032
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3A028	1_2_00A3A028
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6003C	1_2_00A6003C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7603A	1_2_00A7603A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5E009	1_2_00A5E009
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9401B	1_2_00A9401B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACC01E	1_2_00ACC01E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6C06A	1_2_00A6C06A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0E062	1_2_00B0E062
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28071	1_2_00A28071
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC049	1_2_00AEC049
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6042	1_2_00AF6042
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24046	1_2_00B24046
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC81A4	1_2_00AC81A4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E2190	1_2_009E2190
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3E1A4	1_2_00B3E1A4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A26181	1_2_00A26181
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198	1_2_00B24198
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A42188	1_2_00A42188
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5219E	1_2_00A5219E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0C1E3	1_2_00B0C1E3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B041E6	1_2_00B041E6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E41C0	1_2_009E41C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA41F4	1_2_00AA41F4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABC1CF	1_2_00ABC1CF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADC1C6	1_2_00ADC1C6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA21DF	1_2_00AA21DF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A20121	1_2_00A20121
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD612A	1_2_00AD612A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A98109	1_2_00A98109
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB0109	1_2_00AB0109
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1A11F	1_2_00B1A11F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC211A	1_2_00AC211A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A34118	1_2_00A34118
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9416E	1_2_00A9416E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD816A	1_2_00AD816A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66168	1_2_00A66168
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A48174	1_2_00A48174
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A82170	1_2_00A82170
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A56179	1_2_00A56179
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFC14E	1_2_00AFC14E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A70157	1_2_00A70157
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3214B	1_2_00B3214B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E	1_2_00A5A15E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A80155	1_2_00A80155
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DE290	1_2_009DE290
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C6280	1_2_009C6280
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1A293	1_2_00B1A293
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACE288	1_2_00ACE288
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7C28D	1_2_00A7C28D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A36293	1_2_00A36293
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A60293	1_2_00A60293
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6829E	1_2_00A6829E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4E29E	1_2_00A4E29E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8E2EB	1_2_00A8E2EB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB22E8	1_2_00AB22E8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A662FC	1_2_00A662FC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE82F4	1_2_00AE82F4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE42F1	1_2_00AE42F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A242C1	1_2_00A242C1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA	1_2_00B302DA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF82D2	1_2_00AF82D2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAA22A	1_2_00AAA22A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6620A	1_2_00A6620A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5C21D	1_2_00A5C21D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA0210	1_2_00AA0210
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEA26E	1_2_00AEA26E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B26271	1_2_00B26271
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD0268	1_2_00AD0268
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABA26D	1_2_00ABA26D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3026B	1_2_00A3026B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D6263	1_2_009D6263
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A383B5	1_2_00A383B5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B023AA	1_2_00B023AA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E4380	1_2_009E4380
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3E393	1_2_00B3E393
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6398	1_2_00AF6398
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2A3ED	1_2_00A2A3ED
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009EC3FC	1_2_009EC3FC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B143DE	1_2_00B143DE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A723D5	1_2_00A723D5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3A3CD	1_2_00B3A3CD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1E338	1_2_00B1E338
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0433C	1_2_00B0433C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACC321	1_2_00ACC321
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABA325	1_2_00ABA325
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA833B	1_2_00AA833B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E830D	1_2_009E830D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B4232D	1_2_00B4232D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9E333	1_2_00A9E333
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009EA33F	1_2_009EA33F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6A300	1_2_00A6A300
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7430F	1_2_00A7430F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6E30C	1_2_00A6E30C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C8330	1_2_009C8330
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADE314	1_2_00ADE314
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C4320	1_2_009C4320
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB6317	1_2_00AB6317
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B06374	1_2_00B06374
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B22362	1_2_00B22362
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0C36F	1_2_00B0C36F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC34E	1_2_00AEC34E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9234A	1_2_00A9234A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5E4A7	1_2_00A5E4A7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACE4A8	1_2_00ACE4A8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2E4AB	1_2_00B2E4AB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEE4B4	1_2_00AEE4B4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAC4B6	1_2_00AAC4B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22480	1_2_00A22480
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF4486	1_2_00AF4486
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2A48B	1_2_00B2A48B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACA4FC	1_2_00ACA4FC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8A4FD	1_2_00A8A4FD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD64F5	1_2_00AD64F5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3E4DC	1_2_00A3E4DC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABE4D4	1_2_00ABE4D4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8C429	1_2_00A8C429
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A76423	1_2_00A76423
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1643D	1_2_00B1643D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC043C	1_2_00AC043C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A50430	1_2_00A50430
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8E434	1_2_00A8E434
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28406	1_2_00A28406
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFE409	1_2_00AFE409
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A70400	1_2_00A70400
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A24411	1_2_00A24411
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADA419	1_2_00ADA419
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A40461	1_2_00A40461
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD2463	1_2_00AD2463
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA647D	1_2_00AA647D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2C47E	1_2_00A2C47E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC645C	1_2_00AC645C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A44455	1_2_00A44455
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE0451	1_2_00AE0451
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3C5A7	1_2_00A3C5A7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A765A8	1_2_00A765A8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A94585	1_2_00A94585
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9C599	1_2_00A9C599
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF0594	1_2_00AF0594
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF85EF	1_2_00AF85EF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAA5EB	1_2_00AAA5EB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB85E3	1_2_00AB85E3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0A5E5	1_2_00B0A5E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A405F3	1_2_00A405F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2C5E5	1_2_00B2C5E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC25F3	1_2_00AC25F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B365CE	1_2_00B365CE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E2510	1_2_009E2510
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF253C	1_2_00AF253C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4A533	1_2_00A4A533
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD0533	1_2_00AD0533
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A56503	1_2_00A56503
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFA51B	1_2_00AFA51B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABC56B	1_2_00ABC56B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B20571	1_2_00B20571
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE256B	1_2_00AE256B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A84561	1_2_00A84561
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAE563	1_2_00AAE563
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A550	1_2_00A5A550
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A686A2	1_2_00A686A2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7C6AF	1_2_00A7C6AF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5C6B1	1_2_00A5C6B1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADE6B9	1_2_00ADE6B9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE86B8	1_2_00AE86B8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3468A	1_2_00A3468A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6682	1_2_00AF6682
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7E697	1_2_00A7E697
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A36698	1_2_00A36698
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A326EB	1_2_00A326EB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E66D0	1_2_009E66D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAE6F9	1_2_00AAE6F9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A746F1	1_2_00A746F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC6F9	1_2_00AEC6F9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E86C0	1_2_009E86C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A826CB	1_2_00A826CB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B006C1	1_2_00B006C1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B106CB	1_2_00B106CB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A786D8	1_2_00A786D8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA4629	1_2_00AA4629
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3A635	1_2_00B3A635
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A98635	1_2_00A98635
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE6603	1_2_00AE6603
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2E616	1_2_00A2E616
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB266A	1_2_00AB266A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE4666	1_2_00AE4666
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B4267F	1_2_00B4267F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6E656	1_2_00A6E656
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1E7B2	1_2_00B1E7B2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF27A5	1_2_00AF27A5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D8792	1_2_009D8792
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CA780	1_2_009CA780
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66780	1_2_00A66780
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7278D	1_2_00A7278D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAC787	1_2_00AAC787
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DE7C0	1_2_009DE7C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD07C9	1_2_00AD07C9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A907DA	1_2_00A907DA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA87DE	1_2_00AA87DE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA07D3	1_2_00AA07D3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2C7D9	1_2_00A2C7D9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB872D	1_2_00AB872D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C6710	1_2_009C6710
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2A72E	1_2_00A2A72E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0C723	1_2_00B0C723
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A60732	1_2_00A60732
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC6732	1_2_00AC6732
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A58708	1_2_00A58708
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1470E	1_2_00B1470E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A38766	1_2_00A38766
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B32767	1_2_00B32767
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8C77F	1_2_00A8C77F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A30759	1_2_00A30759
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD28AC	1_2_00AD28AC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B088B8	1_2_00B088B8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A568AF	1_2_00A568AF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD68B8	1_2_00AD68B8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3E8B9	1_2_00A3E8B9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CC8B6	1_2_009CC8B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1289F	1_2_00B1289F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADA8E9	1_2_00ADA8E9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A428F7	1_2_00A428F7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E88CB	1_2_009E88CB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB08F2	1_2_00AB08F2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8E8D8	1_2_00A8E8D8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B02833	1_2_00B02833
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B04839	1_2_00B04839
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F8810	1_2_009F8810
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACC80A	1_2_00ACC80A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D682D	1_2_009D682D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A70813	1_2_00A70813
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3A872	1_2_00B3A872
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A50860	1_2_00A50860
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1687A	1_2_00B1687A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABE87B	1_2_00ABE87B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2A85D	1_2_00B2A85D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC89AC	1_2_00AC89AC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB49AA	1_2_00AB49AA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEC9B5	1_2_00AEC9B5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8098C	1_2_00A8098C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A40981	1_2_00A40981
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A52980	1_2_00A52980
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA6985	1_2_00AA6985
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF499C	1_2_00AF499C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8899C	1_2_00A8899C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6A998	1_2_00A6A998
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3C9E6	1_2_00A3C9E6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFC9E7	1_2_00AFC9E7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADE9E2	1_2_00ADE9E2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A589F3	1_2_00A589F3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A389C0	1_2_00A389C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB69CE	1_2_00AB69CE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE29C7	1_2_00AE29C7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABA9D3	1_2_00ABA9D3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A86928	1_2_00A86928
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A92921	1_2_00A92921
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5E92F	1_2_00A5E92F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAA90B	1_2_00AAA90B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E0939	1_2_009E0939
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28905	1_2_00A28905
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A90919	1_2_00A90919
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC0916	1_2_00AC0916
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A26919	1_2_00A26919
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2E970	1_2_00B2E970
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEE97F	1_2_00AEE97F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A96975	1_2_00A96975
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F0940	1_2_009F0940
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6C979	1_2_00A6C979
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A20942	1_2_00A20942
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABC94D	1_2_00ABC94D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5495F	1_2_00A5495F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEEAAE	1_2_00AEEAAE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACAABF	1_2_00ACAABF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B42A99	1_2_00B42A99
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB2A95	1_2_00AB2A95
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECAD0	1_2_009ECAD0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC6AF7	1_2_00AC6AF7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACEAF7	1_2_00ACEAF7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B18AD5	1_2_00B18AD5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD6ACA	1_2_00AD6ACA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A58ADF	1_2_00A58ADF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF6A2E	1_2_00AF6A2E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CEA10	1_2_009CEA10
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC2A3C	1_2_00AC2A3C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6EA3A	1_2_00A6EA3A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A94A03	1_2_00A94A03
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADAA78	1_2_00ADAA78
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECA49	1_2_009ECA49
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB8A74	1_2_00AB8A74
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0CA6F	1_2_00B0CA6F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A24BA5	1_2_00A24BA5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A72BBB	1_2_00A72BBB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3ABBE	1_2_00A3ABBE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFEB8B	1_2_00AFEB8B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9CB8F	1_2_00A9CB8F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66B81	1_2_00A66B81
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3AB9F	1_2_00B3AB9F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B14B85	1_2_00B14B85
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AACBF4	1_2_00AACBF4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A74BC9	1_2_00A74BC9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A46B22	1_2_00A46B22
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECB11	1_2_009ECB11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A36B31	1_2_00A36B31
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F6B08	1_2_009F6B08
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AECB32	1_2_00AECB32
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADCB0F	1_2_00ADCB0F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2EB00	1_2_00A2EB00
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5CB0E	1_2_00A5CB0E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECB22	1_2_009ECB22
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABAB61	1_2_00ABAB61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B08B7C	1_2_00B08B7C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B30B7F	1_2_00B30B7F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E6B50	1_2_009E6B50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DCB40	1_2_009DCB40
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A88CAF	1_2_00A88CAF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009EAC90	1_2_009EAC90
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22CB9	1_2_00A22CB9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9EC81	1_2_00A9EC81
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA8C86	1_2_00AA8C86
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB4C90	1_2_00AB4C90
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FECA0	1_2_009FECA0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A92CEF	1_2_00A92CEF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A80CCB	1_2_00A80CCB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6CCCE	1_2_00A6CCCE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3EC2E	1_2_00A3EC2E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB0C38	1_2_00AB0C38
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A82C3C	1_2_00A82C3C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA2C3C	1_2_00AA2C3C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A30C03	1_2_00A30C03
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B12C11	1_2_00B12C11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A44C6D	1_2_00A44C6D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF0C42	1_2_00AF0C42
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C4C60	1_2_009C4C60
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADADA1	1_2_00ADADA1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0EDAE	1_2_00B0EDAE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2AD87	1_2_00A2AD87
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A68D8C	1_2_00A68D8C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B42D88	1_2_00B42D88
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3CD8C	1_2_00B3CD8C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5ADE5	1_2_00A5ADE5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2EDD3	1_2_00B2EDD3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A38DC6	1_2_00A38DC6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC8DC7	1_2_00AC8DC7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A98DC7	1_2_00A98DC7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5EDDD	1_2_00A5EDDD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7EDD8	1_2_00A7EDD8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE6DD1	1_2_00AE6DD1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC0D2A	1_2_00AC0D2A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6AD2A	1_2_00A6AD2A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3AD2B	1_2_00B3AD2B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A90D30	1_2_00A90D30
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A94D0F	1_2_00A94D0F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8AD1C	1_2_00A8AD1C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD4D6D	1_2_00AD4D6D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB6D6D	1_2_00AB6D6D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009CCD46	1_2_009CCD46
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AECD48	1_2_00AECD48
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEED44	1_2_00AEED44
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A26D54	1_2_00A26D54
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A34EA0	1_2_00A34EA0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF4EA9	1_2_00AF4EA9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEAEBC	1_2_00AEAEBC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA0EB0	1_2_00AA0EB0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE0E81	1_2_00AE0E81
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B00E86	1_2_00B00E86
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A66EE7	1_2_00A66EE7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABAEE7	1_2_00ABAEE7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACAEFD	1_2_00ACAEFD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB8EF9	1_2_00AB8EF9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FAEC0	1_2_009FAEC0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC0ECF	1_2_00AC0ECF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A76ECE	1_2_00A76ECE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B06EC3	1_2_00B06EC3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B22ECE	1_2_00B22ECE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B34E21	1_2_00B34E21
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B26E2E	1_2_00B26E2E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFCE32	1_2_00AFCE32
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE8E0F	1_2_00AE8E0F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B20E11	1_2_00B20E11
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAAE0D	1_2_00AAAE0D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9AE16	1_2_00A9AE16
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD6E6F	1_2_00AD6E6F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A28E61	1_2_00A28E61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0CE61	1_2_00B0CE61
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A42E7F	1_2_00A42E7F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A56E47	1_2_00A56E47
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB4E43	1_2_00AB4E43
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F6E74	1_2_009F6E74
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE2E59	1_2_00AE2E59
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AECE50	1_2_00AECE50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A24FA6	1_2_00A24FA6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3AFA5	1_2_00A3AFA5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A54FAF	1_2_00A54FAF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B04FA8	1_2_00B04FA8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0AFAC	1_2_00B0AFAC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF0FB2	1_2_00AF0FB2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A46F87	1_2_00A46F87
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FEFB0	1_2_009FEFB0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A82F90	1_2_00A82F90
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A64FF2	1_2_00A64FF2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6CFDA	1_2_00A6CFDA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B10FCC	1_2_00B10FCC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE4F2B	1_2_00AE4F2B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B32F35	1_2_00B32F35
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8AF27	1_2_00A8AF27
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B28F21	1_2_00B28F21
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA8F34	1_2_00AA8F34
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB0F68	1_2_00AB0F68
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009F8F59	1_2_009F8F59
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A22F64	1_2_00A22F64
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B12F78	1_2_00B12F78
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C2F50	1_2_009C2F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E0F50	1_2_009E0F50
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC6F70	1_2_00AC6F70
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009ECF74	1_2_009ECF74
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A78F57	1_2_00A78F57
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3EF5C	1_2_00A3EF5C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF10A2	1_2_00AF10A2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B150BC	1_2_00B150BC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF30B0	1_2_00AF30B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC3085	1_2_00AC3085
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3F092	1_2_00A3F092
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B39081	1_2_00B39081
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF9091	1_2_00AF9091
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD30E5	1_2_00AD30E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A990E7	1_2_00A990E7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A830FB	1_2_00A830FB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A490F1	1_2_00A490F1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3D0F4	1_2_00A3D0F4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A710C9	1_2_00A710C9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD9021	1_2_00AD9021
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B0903E	1_2_00B0903E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8B072	1_2_00A8B072
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B2D052	1_2_00B2D052
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4F048	1_2_00A4F048
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4D1B6	1_2_00A4D1B6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AEF1BC	1_2_00AEF1BC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF518F	1_2_00AF518F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009C91B0	1_2_009C91B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2918F	1_2_00A2918F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A51188	1_2_00A51188
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A65192	1_2_00A65192
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E91DD	1_2_009E91DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AAD1EF	1_2_00AAD1EF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009FB1D0	1_2_009FB1D0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB31F8	1_2_00AB31F8
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E31C2	1_2_009E31C2
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A791F9	1_2_00A791F9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9F1F6	1_2_00A9F1F6
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A351CA	1_2_00A351CA
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A6B1CD	1_2_00A6B1CD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AF71DC	1_2_00AF71DC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD71D4	1_2_00AD71D4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B3D1CC	1_2_00B3D1CC
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A73137	1_2_00A73137
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ABF135	1_2_00ABF135
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9510C	1_2_00A9510C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B37114	1_2_00B37114
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4510F	1_2_00A4510F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7B10B	1_2_00A7B10B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AA311A	1_2_00AA311A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A9D11C	1_2_00A9D11C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A7511E	1_2_00A7511E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ADB167	1_2_00ADB167
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B1F16B	1_2_00B1F16B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A8D148	1_2_00A8D148
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B412B0	1_2_00B412B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B032A1	1_2_00B032A1
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A952BD	1_2_00A952BD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AE7298	1_2_00AE7298
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5529A	1_2_00A5529A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009E52DD	1_2_009E52DD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00ACB2E9	1_2_00ACB2E9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AED2E3	1_2_00AED2E3
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009DB2E0	1_2_009DB2E0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B05234	1_2_00B05234
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A69235	1_2_00A69235
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A4123F	1_2_00A4123F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B7F212	1_2_00B7F212
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AD1217	1_2_00AD1217
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AB9217	1_2_00AB9217
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_009D5220	1_2_009D5220
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AC9240	1_2_00AC9240
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00AFB252	1_2_00AFB252
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A3B3AD	1_2_00A3B3AD
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A2D3B7	1_2_00A2D3B7
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A33387	1_2_00A33387

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: String function: 009C8030 appears 44 times
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: String function: 009D4400 appears 65 times

Uses 32bit PE files

Source: mgEXk8ip26.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: mgEXk8ip26.exe	Static PE information: Section: ZLIB complexity 0.9973913741438356
Source: mgEXk8ip26.exe	Static PE information: Section: mafhbcbe ZLIB complexity 0.9949235744251088

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@11/2

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_009F0C70 CoCreateInstance,

1_2_009F0C70

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: mgEXk8ip26.exe	Virustotal: Detection: 51%
Source: mgEXk8ip26.exe	ReversingLabs: Detection: 57%

Source: mgEXk8ip26.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

File read: C:\Users\user\Desktop\mgEXk8ip26.exe

Jump to behavior

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: mgEXk8ip26.exe

Static file information: File size 1812480 > 1048576

Source: mgEXk8ip26.exe

Static PE information: Raw size of mafhbcbe is bigger than: 0x100000 < 0x192400

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Unpacked PE file: 1.2.mgEXk8ip26.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mafhbcbe:EW;qztbpyyk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mafhbcbe:EW;qztbpyyk:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: mgEXk8ip26.exe

Static PE information: real checksum: 0x1c57bf should be: 0x1c574f

PE file contains sections with non-standard names

Source: mgEXk8ip26.exe	Static PE information: section name:
Source: mgEXk8ip26.exe	Static PE information: section name: .idata
Source: mgEXk8ip26.exe	Static PE information: section name:
Source: mgEXk8ip26.exe	Static PE information: section name: mafhbcbe
Source: mgEXk8ip26.exe	Static PE information: section name: qztbpyyk
Source: mgEXk8ip26.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A18561 push edi; mov dword ptr [esp], 491C642Ch	1_2_00A196E5
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A16081 push ecx; mov dword ptr [esp], esi	1_2_00A1677A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C16088 push edi; mov dword ptr [esp], 7D560DBBh	1_2_00C16126
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3608F push edi; mov dword ptr [esp], ebp	1_2_00C360B4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3608F push 222572B7h; mov dword ptr [esp], ecx	1_2_00C360FB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3608F push 4CD0390Fh; mov dword ptr [esp], eax	1_2_00C36125
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A16030 push edx; mov dword ptr [esp], edi	1_2_00A160FB
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C1E1E2 push 4F87F313h; mov dword ptr [esp], ecx	1_2_00C1E37E
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push edi; mov dword ptr [esp], esi	1_2_00B24648
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push ebp; mov dword ptr [esp], esi	1_2_00B2472B
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push edx; mov dword ptr [esp], eax	1_2_00B24791
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B24198 push ebp; mov dword ptr [esp], ecx	1_2_00B2481C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C4A1EA push 26AFF980h; mov dword ptr [esp], ebp	1_2_00C4A22A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00C3019C push 4EE1FB50h; mov dword ptr [esp], esi	1_2_00C309A9
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push edx; mov dword ptr [esp], ebx	1_2_00A1C13F
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push eax; mov dword ptr [esp], edi	1_2_00A1D8B0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push eax; mov dword ptr [esp], ebx	1_2_00A1D8C0
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1C109 push edi; mov dword ptr [esp], esp	1_2_00A1D8C4
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ecx; mov dword ptr [esp], eax	1_2_00A5A591
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ebp; mov dword ptr [esp], ecx	1_2_00A5A634
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ebx; mov dword ptr [esp], 6B4D1EC6h	1_2_00A5A677
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 5A0E57DFh; mov dword ptr [esp], edx	1_2_00A5A686
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 4E191A61h; mov dword ptr [esp], ecx	1_2_00A5A6FF
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 3980903Ch; mov dword ptr [esp], ebp	1_2_00A5A746
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push ebp; mov dword ptr [esp], 70BD39AFh	1_2_00A5A762
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A5A15E push 08BED67Bh; mov dword ptr [esp], eax	1_2_00A5A77A
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00A1615C push edx; mov dword ptr [esp], 43CDD200h	1_2_00A1615D
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00BF62FF push 2EDA0CACh; mov dword ptr [esp], edi	1_2_00BF632C
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA push 016678CBh; mov dword ptr [esp], edx	1_2_00B30884
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA push edx; mov dword ptr [esp], esi	1_2_00B308AE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Code function: 1_2_00B302DA push 16BAC7B2h; mov dword ptr [esp], ebx	1_2_00B30985

Source: mgEXk8ip26.exe	Static PE information: section name: entropy: 7.9812986672482875
Source: mgEXk8ip26.exe	Static PE information: section name: mafhbcbe entropy: 7.954300989744655

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88B0A second address: B88B10 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88B10 second address: B88B36 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007FA398747046h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA39874704Fh 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88B36 second address: B88B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518360h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88E35 second address: B88E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B88E3B second address: B88E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FA398518365h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007FA398518356h 0x00000013 popad 0x00000014 pushad 0x00000015 jnl 00007FA398518356h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A73E second address: B8A742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A801 second address: B8A816 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398518358h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A816 second address: B8A81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A81B second address: B8A820 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A820 second address: B8A846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA39874704Fh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 ja 00007FA398747046h 0x0000001b pop edi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8A981 second address: B8A9D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FA398518361h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d add dword ptr [esp], 206E36A4h 0x00000014 sbb ecx, 5B76B333h 0x0000001a push 00000003h 0x0000001c movsx ecx, bx 0x0000001f jmp 00007FA39851835Eh 0x00000024 push 00000000h 0x00000026 mov dh, 07h 0x00000028 push 00000003h 0x0000002a add si, 1500h 0x0000002f adc cx, 21B8h 0x00000034 push 6E33C8EDh 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB0D second address: B8AB11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB11 second address: B8AB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 add dword ptr [esp], 692FD9D6h 0x0000000e pushad 0x0000000f stc 0x00000010 popad 0x00000011 push 00000003h 0x00000013 movzx ecx, bx 0x00000016 jmp 00007FA39851835Bh 0x0000001b push 00000000h 0x0000001d jmp 00007FA398518368h 0x00000022 push 00000003h 0x00000024 mov ecx, dword ptr [ebp+122D28B3h] 0x0000002a push C90E6240h 0x0000002f pushad 0x00000030 push ecx 0x00000031 jmp 00007FA39851835Bh 0x00000036 pop ecx 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB6A second address: B8AB8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 xor dword ptr [esp], 090E6240h 0x0000000d movsx ecx, si 0x00000010 lea ebx, dword ptr [ebp+124466ABh] 0x00000016 mov si, dx 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B8AB8A second address: B8AB94 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAA4B4 second address: BAA4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAA4B8 second address: BAA4C8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518356h 0x00000008 je 00007FA398518356h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAA4C8 second address: BAA4E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398747057h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAB68 second address: BAAB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 jg 00007FA398518356h 0x0000000c pop ebx 0x0000000d jo 00007FA398518358h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAB82 second address: BAAB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FA398747046h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAB95 second address: BAAB99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAAF9D second address: BAAFA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA398747046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAB13E second address: BAB160 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518368h 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FA398518356h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAB160 second address: BAB173 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA0FD3 second address: BA0FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518364h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA0FEF second address: BA0FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA0FF3 second address: BA1011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39851835Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FA39851835Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA1011 second address: BA101B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA39874704Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BA101B second address: BA103A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FA398518356h 0x0000000e jmp 00007FA398518361h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABB2A second address: BABB34 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABB34 second address: BABB58 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FA398518365h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jl 00007FA398518356h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABB58 second address: BABB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39874704Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FA39874705Ah 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jc 00007FA398747046h 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCAF second address: BABCB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCB9 second address: BABCBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCBF second address: BABCC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABCC3 second address: BABCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BABE82 second address: BABE93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B81496 second address: B814CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 jmp 00007FA39874704Ah 0x0000000c jmp 00007FA39874704Bh 0x00000011 pop edi 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA39874704Fh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAC338 second address: BAC340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAC340 second address: BAC344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAF454 second address: BAF46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FA39851835Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BAF46F second address: BAF473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB3843 second address: BB3847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB3847 second address: BB386F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA39874704Dh 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB386F second address: BB3873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB3873 second address: BB3877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB39D3 second address: BB39EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FA398518356h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB39EF second address: BB39F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB39F3 second address: BB3A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA39851835Bh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jg 00007FA398518368h 0x00000018 push eax 0x00000019 push edx 0x0000001a jnl 00007FA398518356h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB2383 second address: BB239D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C7C second address: BB8C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C80 second address: BB8C86 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C86 second address: BB8C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8C91 second address: BB8CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push edx 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c jnc 00007FA398747046h 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8056 second address: BB805C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB81D4 second address: BB81D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB81D8 second address: BB81E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA39851835Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB81E6 second address: BB8206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 jmp 00007FA398747057h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8206 second address: BB820C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB820C second address: BB8213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB84FD second address: BB8505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB8B32 second address: BB8B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB94F6 second address: BB954A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39851835Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FA398518363h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 pushad 0x00000016 jmp 00007FA398518365h 0x0000001b jnl 00007FA398518356h 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA39851835Bh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB954A second address: BB954E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9829 second address: BB982D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB982D second address: BB9833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9947 second address: BB9951 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9951 second address: BB9957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BB9A0B second address: BB9A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA076 second address: BBA089 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA200 second address: BBA217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518362h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA217 second address: BBA21D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA570 second address: BBA57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBA75E second address: BBA77E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBABF5 second address: BBABFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBABFA second address: BBAC00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBAC00 second address: BBAC88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39851835Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, edx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FA398518358h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c sub esi, dword ptr [ebp+122D1A07h] 0x00000032 push eax 0x00000033 call 00007FA39851835Bh 0x00000038 mov dword ptr [ebp+122D3986h], edi 0x0000003e pop esi 0x0000003f pop edi 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FA398518358h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Dh 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c push eax 0x0000005d je 00007FA398518364h 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBAC88 second address: BBAC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBB687 second address: BBB6AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518367h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA398518356h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBC5E4 second address: BBC5E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBC5E8 second address: BBC5EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD0AA second address: BBD0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD0AE second address: BBD0B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD0B2 second address: BBD13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov si, bx 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FA398747048h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov di, si 0x0000002b jmp 00007FA398747057h 0x00000030 xchg eax, ebx 0x00000031 jmp 00007FA398747056h 0x00000036 push eax 0x00000037 pushad 0x00000038 jnc 00007FA398747054h 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA398747057h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD8CB second address: BBD8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBE343 second address: BBE37A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FA398747057h 0x00000013 jmp 00007FA398747051h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBD8CF second address: BBD8D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBEE34 second address: BBEE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA398747059h 0x0000000a popad 0x0000000b push eax 0x0000000c jg 00007FA398747054h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBFB5C second address: BBFB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBEE5E second address: BBEE62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBFB60 second address: BBFBA1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA398518366h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov edi, edx 0x00000015 push 00000000h 0x00000017 mov esi, 1C19B1B1h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f xor esi, dword ptr [ebp+122D2AAFh] 0x00000025 pop edi 0x00000026 push eax 0x00000027 push ebx 0x00000028 jnp 00007FA39851835Ch 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC1B3E second address: BC1B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B78F6C second address: B78F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518366h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B758A5 second address: B758AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B758AE second address: B758B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: B758B4 second address: B758BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC67ED second address: BC6802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA398518356h 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC7748 second address: BC7766 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747053h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC7766 second address: BC776C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC691D second address: BC6921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC877E second address: BC878B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC878B second address: BC8795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA398747046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC8795 second address: BC87E9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub ebx, 5780B40Fh 0x0000000f mov dword ptr [ebp+122D2786h], eax 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007FA398518358h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 sub edi, dword ptr [ebp+122D295Bh] 0x00000037 push 00000000h 0x00000039 jmp 00007FA39851835Bh 0x0000003e add dword ptr [ebp+122D23FBh], ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 push edi 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC9930 second address: BC99B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA398747046h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 adc di, B803h 0x0000001b mov dword ptr [ebp+122D1837h], ebx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push ebp 0x0000002b call 00007FA398747048h 0x00000030 pop ebp 0x00000031 mov dword ptr [esp+04h], ebp 0x00000035 add dword ptr [esp+04h], 00000016h 0x0000003d inc ebp 0x0000003e push ebp 0x0000003f ret 0x00000040 pop ebp 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D27A9h], esi 0x00000048 mov eax, dword ptr [ebp+122D0041h] 0x0000004e push 00000000h 0x00000050 push edx 0x00000051 call 00007FA398747048h 0x00000056 pop edx 0x00000057 mov dword ptr [esp+04h], edx 0x0000005b add dword ptr [esp+04h], 00000018h 0x00000063 inc edx 0x00000064 push edx 0x00000065 ret 0x00000066 pop edx 0x00000067 ret 0x00000068 mov dword ptr [ebp+122D27B3h], esi 0x0000006e push FFFFFFFFh 0x00000070 and di, 5E70h 0x00000075 nop 0x00000076 pushad 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC99B4 second address: BC99EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 je 00007FA398518367h 0x0000000b jmp 00007FA398518361h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA398518367h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC99EC second address: BC99FA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCC82D second address: BCC8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39851835Ah 0x00000009 popad 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ebx, dword ptr [ebp+122D29CFh] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007FA398518358h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 mov dword ptr [ebp+1246C1CFh], esi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007FA398518358h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 sub dword ptr [ebp+122D265Dh], esi 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b js 00007FA39851835Ch 0x00000061 jbe 00007FA398518356h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCC8A5 second address: BCC8AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCD7C9 second address: BCD7E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518364h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCD7E1 second address: BCD7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEA35 second address: BCEA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCF9D7 second address: BCFA66 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FA398747048h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edi 0x0000002a call 00007FA398747048h 0x0000002f pop edi 0x00000030 mov dword ptr [esp+04h], edi 0x00000034 add dword ptr [esp+04h], 0000001Bh 0x0000003c inc edi 0x0000003d push edi 0x0000003e ret 0x0000003f pop edi 0x00000040 ret 0x00000041 sub dword ptr [ebp+122D3443h], ebx 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push ebx 0x0000004c call 00007FA398747048h 0x00000051 pop ebx 0x00000052 mov dword ptr [esp+04h], ebx 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc ebx 0x0000005f push ebx 0x00000060 ret 0x00000061 pop ebx 0x00000062 ret 0x00000063 xchg eax, esi 0x00000064 js 00007FA39874705Bh 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007FA39874704Dh 0x00000071 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCDAE0 second address: BCDAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD195C second address: BD1961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD27FA second address: BD2883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 nop 0x00000009 mov ebx, esi 0x0000000b push 00000000h 0x0000000d and edi, dword ptr [ebp+122D2837h] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007FA398518358h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D3794h], esi 0x00000035 mov bl, B6h 0x00000037 xchg eax, esi 0x00000038 push ebx 0x00000039 pushad 0x0000003a jmp 00007FA398518367h 0x0000003f push eax 0x00000040 pop eax 0x00000041 popad 0x00000042 pop ebx 0x00000043 push eax 0x00000044 pushad 0x00000045 jl 00007FA398518366h 0x0000004b jmp 00007FA398518360h 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FA398518362h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD7457 second address: BD7461 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBC1 second address: BCEBCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBCA second address: BCEBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBD6 second address: BCEBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBDA second address: BCEBDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCEBDE second address: BCEC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push dword ptr fs:[00000000h] 0x0000000f stc 0x00000010 mov dword ptr fs:[00000000h], esp 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FA398518358h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov eax, dword ptr [ebp+122D0EF5h] 0x00000037 mov edi, eax 0x00000039 push FFFFFFFFh 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007FA398518358h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 00000014h 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 mov dword ptr [ebp+1247CDFAh], eax 0x0000005b push eax 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f jns 00007FA398518356h 0x00000065 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDD4BA second address: BDD4D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA398747056h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDD4D8 second address: BDD4DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDD4DC second address: BDD4F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FA39874704Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDCBAD second address: BDCBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FA39851835Eh 0x0000000d pushad 0x0000000e popad 0x0000000f jp 00007FA398518356h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA398518364h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BDCBDA second address: BDCBDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE46F9 second address: BE470B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 ja 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4DA3 second address: BE4DCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA398747058h 0x00000008 jne 00007FA398747046h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4DCD second address: BE4DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4DD2 second address: BE4E00 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA398747048h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 js 00007FA398747053h 0x00000016 push edx 0x00000017 jmp 00007FA39874704Bh 0x0000001c pop edx 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 ja 00007FA398747046h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4E00 second address: BE4E0D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4E0D second address: BE4E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4F1A second address: BE4F1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4F1E second address: BE4F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE4F2F second address: BE4F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA398518363h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FA398518366h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE5149 second address: A17B18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747055h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jmp 00007FA39874704Ch 0x0000000f push dword ptr [ebp+122D03B1h] 0x00000015 jg 00007FA39874705Ch 0x0000001b call dword ptr [ebp+122D2CCAh] 0x00000021 pushad 0x00000022 pushad 0x00000023 sub dword ptr [ebp+122D3632h], ecx 0x00000029 pushad 0x0000002a movsx ecx, si 0x0000002d mov dx, 5821h 0x00000031 popad 0x00000032 popad 0x00000033 xor eax, eax 0x00000035 mov dword ptr [ebp+122D3632h], esi 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f pushad 0x00000040 jnp 00007FA398747055h 0x00000046 call 00007FA39874704Eh 0x0000004b pop edi 0x0000004c mov edx, dword ptr [ebp+122D2A1Bh] 0x00000052 popad 0x00000053 mov dword ptr [ebp+122D2A77h], eax 0x00000059 mov dword ptr [ebp+122D2F6Ah], ecx 0x0000005f mov esi, 0000003Ch 0x00000064 pushad 0x00000065 xor dword ptr [ebp+122D18E1h], esi 0x0000006b sub bx, BBC6h 0x00000070 popad 0x00000071 add esi, dword ptr [esp+24h] 0x00000075 mov dword ptr [ebp+122D2F6Ah], eax 0x0000007b lodsw 0x0000007d jnp 00007FA39874704Ch 0x00000083 sub dword ptr [ebp+122D1858h], edx 0x00000089 add eax, dword ptr [esp+24h] 0x0000008d add dword ptr [ebp+122D1858h], edx 0x00000093 mov ebx, dword ptr [esp+24h] 0x00000097 jl 00007FA39874705Eh 0x0000009d push eax 0x0000009e push eax 0x0000009f push edx 0x000000a0 jmp 00007FA39874704Eh 0x000000a5 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BEA0E9 second address: BEA125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FA39851835Fh 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e popad 0x0000000f jl 00007FA39851837Eh 0x00000015 jmp 00007FA398518364h 0x0000001a pushad 0x0000001b jg 00007FA398518356h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BEA125 second address: BEA12B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9315 second address: BE9337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FA39851836Dh 0x0000000b jmp 00007FA398518361h 0x00000010 jne 00007FA398518356h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9337 second address: BE9354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398747059h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9354 second address: BE9358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9358 second address: BE9380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007FA39874704Ch 0x0000001a jp 00007FA398747046h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9380 second address: BE9396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398518362h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9AC9 second address: BE9ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9ACD second address: BE9AE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA398518367h 0x0000000c jmp 00007FA39851835Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BE9DDC second address: BE9DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0650 second address: BF0654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0654 second address: BF0678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA398747059h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC39D7 second address: BC39DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC39DC second address: BA0FD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007FA398747058h 0x00000012 lea eax, dword ptr [ebp+1247F761h] 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FA398747048h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 nop 0x00000033 jg 00007FA39874704Eh 0x00000039 push eax 0x0000003a jmp 00007FA398747054h 0x0000003f nop 0x00000040 push 00000000h 0x00000042 push ecx 0x00000043 call 00007FA398747048h 0x00000048 pop ecx 0x00000049 mov dword ptr [esp+04h], ecx 0x0000004d add dword ptr [esp+04h], 00000019h 0x00000055 inc ecx 0x00000056 push ecx 0x00000057 ret 0x00000058 pop ecx 0x00000059 ret 0x0000005a mov ecx, dword ptr [ebp+122D2953h] 0x00000060 mov dword ptr [ebp+12441072h], eax 0x00000066 call dword ptr [ebp+122D2672h] 0x0000006c pushad 0x0000006d jno 00007FA398747048h 0x00000073 jp 00007FA39874704Eh 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4004 second address: BC400E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC40EB second address: BC40F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42AE second address: BC42D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edx 0x00000011 push edi 0x00000012 jo 00007FA398518356h 0x00000018 pop edi 0x00000019 pop edx 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jc 00007FA39851835Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42D4 second address: BC42D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42D8 second address: BC42EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42EC second address: BC42F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC42F1 second address: BC42F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC43AF second address: BC43B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4890 second address: BC4902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FA398518356h 0x00000009 jmp 00007FA398518363h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 js 00007FA39851835Ah 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c nop 0x0000001d mov di, cx 0x00000020 mov cl, 30h 0x00000022 push 0000001Eh 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007FA398518358h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e add dh, FFFFFFA2h 0x00000041 mov dl, ch 0x00000043 push eax 0x00000044 push ecx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FA398518368h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4902 second address: BC4906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4A01 second address: BC4A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCFC86 second address: BCFC90 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BCFC90 second address: BCFC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD1AF9 second address: BD1AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD2A7B second address: BD2A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD2A84 second address: BD2A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD2A88 second address: BD2A8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BD5B5C second address: BD5B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B43 second address: BC4B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B47 second address: BC4B5D instructions: 0x00000000 rdtsc 0x00000002 je 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jng 00007FA398747046h 0x00000015 pop eax 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B5D second address: BC4B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B63 second address: BC4B75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4B75 second address: BC4B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 je 00007FA398518356h 0x0000000c pop edx 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 push ecx 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jl 00007FA39851835Ch 0x00000022 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4C64 second address: BA1C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 mov dword ptr [ebp+122D2E9Bh], esi 0x0000000d lea eax, dword ptr [ebp+1247F761h] 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FA398747048h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D27A9h], edi 0x00000033 nop 0x00000034 pushad 0x00000035 jmp 00007FA398747057h 0x0000003a push edi 0x0000003b jp 00007FA398747046h 0x00000041 pop edi 0x00000042 popad 0x00000043 push eax 0x00000044 jo 00007FA39874704Ah 0x0000004a push esi 0x0000004b pushad 0x0000004c popad 0x0000004d pop esi 0x0000004e nop 0x0000004f xor dword ptr [ebp+122D19BBh], edi 0x00000055 call dword ptr [ebp+12446C7Ch] 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FA39874704Fh 0x00000062 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0C2F second address: BF0C47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518364h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0C47 second address: BF0C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0DA1 second address: BF0DBC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jbe 00007FA398518356h 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007FA39851835Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF0DBC second address: BF0DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747056h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FA398747051h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF10BB second address: BF10ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b jmp 00007FA398518368h 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF10ED second address: BF10F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF611F second address: BF6125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6125 second address: BF6129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6129 second address: BF612D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6943 second address: BF697D instructions: 0x00000000 rdtsc 0x00000002 js 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FA398747070h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF697D second address: BF6987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA398518356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6AE6 second address: BF6AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BF6FAB second address: BF6FCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518366h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FA39851835Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BFC1F7 second address: BFC1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BFC1FB second address: BFC20C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jbe 00007FA398518356h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BFC20C second address: BFC242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA398747046h 0x0000000a js 00007FA398747046h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FA39874704Eh 0x00000019 jmp 00007FA398747055h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C01F09 second address: C01F19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA39851835Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C01F19 second address: C01F24 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00906 second address: C00921 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398518356h 0x00000008 jmp 00007FA398518361h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00921 second address: C00930 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FA398747046h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00A5E second address: C00A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA398518356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C00A68 second address: C00A70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C011AA second address: C011B4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518367h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C014A8 second address: C014AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C018BB second address: C018CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 jc 00007FA398518360h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C01D6E second address: C01D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 js 00007FA398747046h 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C078B2 second address: C078B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C078B6 second address: C078C2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C070ED second address: C070F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA398518356h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C070F9 second address: C0713A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FA398747057h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FA398747058h 0x00000016 popad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0713A second address: C07140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C072A0 second address: C072CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA398747048h 0x00000013 pushad 0x00000014 jo 00007FA398747046h 0x0000001a pushad 0x0000001b popad 0x0000001c jbe 00007FA398747046h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C072CC second address: C072EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518366h 0x00000007 jl 00007FA398518362h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C072EC second address: C072F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BC2B second address: C0BC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BC2F second address: C0BC62 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA398747057h 0x0000000b pushad 0x0000000c jmp 00007FA398747053h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BDDE second address: C0BDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BDE3 second address: C0BDE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0BDE9 second address: C0BDED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C09C second address: C0C0AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C0AA second address: C0C0B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C0B1 second address: C0C0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C0C0B7 second address: C0C0C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA398518356h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10C52 second address: C10C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 ja 00007FA398747046h 0x0000000c jp 00007FA398747046h 0x00000012 jns 00007FA398747046h 0x00000018 popad 0x00000019 pop ebx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d jo 00007FA398747046h 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10C77 second address: C10C98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FA398518368h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10E0F second address: C10E19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10E19 second address: C10E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10E1D second address: C10E21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10F9C second address: C10FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FA0 second address: C10FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FB3 second address: C10FB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FB9 second address: C10FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C10FBF second address: C10FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BC4669 second address: BC466D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C114D7 second address: C114DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1161A second address: C11622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C11622 second address: C1162D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1162D second address: C11631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C11631 second address: C11652 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518363h 0x0000000d jnc 00007FA398518356h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C11652 second address: C11656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C12051 second address: C12090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FA398518368h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jnc 00007FA398518356h 0x00000014 popad 0x00000015 pop esi 0x00000016 pushad 0x00000017 jmp 00007FA398518362h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C157AC second address: C157CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39874704Ah 0x00000009 jmp 00007FA398747050h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15913 second address: C15930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518366h 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D1C second address: C15D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D27 second address: C15D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D2B second address: C15D2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C15D2F second address: C15D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D8EE second address: C1D8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D8F4 second address: C1D908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FA39851835Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D908 second address: C1D911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B84C second address: C1B851 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B851 second address: C1B873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747055h 0x00000009 pop esi 0x0000000a jnp 00007FA398747052h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B9ED second address: C1B9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1B9F1 second address: C1BA0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747055h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BA0C second address: C1BA12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BA12 second address: C1BA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BE63 second address: C1BE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA39851835Eh 0x0000000b jmp 00007FA39851835Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1BE86 second address: C1BE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D346 second address: C1D34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D34A second address: C1D359 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007FA39874704Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C1D359 second address: C1D368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007FA398518356h 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C260DC second address: C260E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA398747046h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C263FD second address: C2640A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FA398518356h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2640A second address: C26410 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26573 second address: C2657C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2657C second address: C2659A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA398747057h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C268D8 second address: C268DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26CEC second address: C26CFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26CFF second address: C26D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26D05 second address: C26D1D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA39874704Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007FA398747046h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C26D1D second address: C26D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2CF34 second address: C2CF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747055h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2CF4D second address: C2CF56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D0AD second address: C2D0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D0B1 second address: C2D0EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518363h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007FA398518356h 0x00000010 jne 00007FA398518356h 0x00000016 jc 00007FA398518356h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jns 00007FA398518356h 0x00000025 jmp 00007FA39851835Ah 0x0000002a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D370 second address: C2D38F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D38F second address: C2D395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D395 second address: C2D3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D3A4 second address: C2D3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D841 second address: C2D845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D845 second address: C2D84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D995 second address: C2D9A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9A6 second address: C2D9B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA39851835Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9B6 second address: C2D9CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA39874704Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9CE second address: C2D9D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2D9D2 second address: C2D9D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2DC5D second address: C2DC61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2E479 second address: C2E47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C2E47D second address: C2E489 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C361B5 second address: C361D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C35F40 second address: C35F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C3D3C2 second address: C3D3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C4661D second address: C46623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46623 second address: C46627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46627 second address: C46645 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA398518360h 0x0000000b js 00007FA398518362h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46645 second address: C4664B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C46330 second address: C46336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C47C84 second address: C47C94 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA398747046h 0x00000008 je 00007FA398747046h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5111A second address: C5111E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5111E second address: C51124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C51124 second address: C51143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518367h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C51143 second address: C51166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747052h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d push edi 0x0000000e je 00007FA398747046h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5409C second address: C540A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5A131 second address: C5A136 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5D54E second address: C5D567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA398518356h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA398518356h 0x00000013 jns 00007FA398518356h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C5D567 second address: C5D587 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FA398747057h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62B47 second address: C62B4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62B4F second address: C62B55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62B55 second address: C62B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62D23 second address: C62D2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C62E88 second address: C62E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C6343D second address: C63443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68C31 second address: C68C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68C35 second address: C68C43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68DC1 second address: C68DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA398518356h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C68DCB second address: C68DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C6A70A second address: C6A710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C6A710 second address: C6A717 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C74A5E second address: C74A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007FA39851835Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C74A73 second address: C74A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C8657E second address: C86582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C86582 second address: C8658A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C860DC second address: C860E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C860E4 second address: C860FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA398747050h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C8625F second address: C8628D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA398518368h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C8628D second address: C86292 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C86292 second address: C862BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518365h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9A96C second address: C9A997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA398747052h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jc 00007FA398747046h 0x00000010 popad 0x00000011 push ebx 0x00000012 jmp 00007FA39874704Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9AC67 second address: C9AC77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jne 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9AC77 second address: C9AC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA398747046h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9AC81 second address: C9ACA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FA398518363h 0x0000000d jmp 00007FA39851835Dh 0x00000012 jl 00007FA398518358h 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9ACA7 second address: C9ACAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9ACAD second address: C9ACB7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B376 second address: C9B37C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B37C second address: C9B394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA39851835Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B394 second address: C9B398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B398 second address: C9B39C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B4DF second address: C9B508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jmp 00007FA39874704Ch 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B644 second address: C9B64A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B64A second address: C9B64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B64E second address: C9B654 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B654 second address: C9B65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: C9B65D second address: C9B663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA11AF second address: CA11B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA1413 second address: CA1431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA1431 second address: CA143E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jp 00007FA39874704Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA143E second address: CA149D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007FA398518358h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 00000014h 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 mov dh, 3Ch 0x00000022 push 00000004h 0x00000024 push 00000000h 0x00000026 push ebp 0x00000027 call 00007FA398518358h 0x0000002c pop ebp 0x0000002d mov dword ptr [esp+04h], ebp 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc ebp 0x0000003a push ebp 0x0000003b ret 0x0000003c pop ebp 0x0000003d ret 0x0000003e mov edx, 01EA4B11h 0x00000043 mov dx, bx 0x00000046 xor edx, dword ptr [ebp+122D265Dh] 0x0000004c push 991CC149h 0x00000051 push eax 0x00000052 push edx 0x00000053 push edi 0x00000054 pushad 0x00000055 popad 0x00000056 pop edi 0x00000057 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA1688 second address: CA1708 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA398747046h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jno 00007FA39874704Ch 0x00000017 push dword ptr [ebp+122D3761h] 0x0000001d movsx edx, cx 0x00000020 mov dword ptr [ebp+12469DCBh], edx 0x00000026 call 00007FA398747049h 0x0000002b jmp 00007FA39874704Fh 0x00000030 push eax 0x00000031 jmp 00007FA398747050h 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push esi 0x0000003b jne 00007FA398747048h 0x00000041 push esi 0x00000042 pop esi 0x00000043 pop esi 0x00000044 mov eax, dword ptr [eax] 0x00000046 push esi 0x00000047 jmp 00007FA39874704Ch 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], eax 0x00000051 jg 00007FA398747054h 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA30F6 second address: CA30FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA30FA second address: CA3103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA3103 second address: CA3109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: CA3109 second address: CA311C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 jns 00007FA398747046h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	RDTSC instruction interceptor: First address: BBC40B second address: BBC413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: A17B98 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: A17A72 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: BB392A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Special instruction interceptor: First address: C386C2 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_00A182EA rdtsc

1_2_00A182EA

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\mgEXk8ip26.exe TID: 7528

Thread sleep time: -90000s >= -30000s

Jump to behavior

Source: mgEXk8ip26.exe, mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: NTICE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: SICE
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\mgEXk8ip26.exe	Process queried: DebugPort	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_00A182EA rdtsc

1_2_00A182EA

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Code function: 1_2_009FC1F0 LdrInitializeThunk,

1_2_009FC1F0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: mgEXk8ip26.exe	String found in binary or memory: rapeflowwj.lat
Source: mgEXk8ip26.exe	String found in binary or memory: sustainskelet.lat
Source: mgEXk8ip26.exe	String found in binary or memory: crosshuaht.lat
Source: mgEXk8ip26.exe	String found in binary or memory: energyaffai.lat
Source: mgEXk8ip26.exe	String found in binary or memory: aspecteirs.lat
Source: mgEXk8ip26.exe	String found in binary or memory: discokeyus.lat
Source: mgEXk8ip26.exe	String found in binary or memory: necklacebudi.lat
Source: mgEXk8ip26.exe	String found in binary or memory: sweepyribs.lat
Source: mgEXk8ip26.exe	String found in binary or memory: grannyejh.lat

Source: mgEXk8ip26.exe, mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: nI\uProgram Manager
Source: mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: onI\uProgram Manager

Source: C:\Users\user\Desktop\mgEXk8ip26.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

ID:	1579774
Product:	CloudBasic
Start time:	08:53:24
Start date:	23.12.2024
Sample:	mgEXk8ip26.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	f54dd0914c65108d5f72049dc5490f53
SHA1:	2698c99f98e65b28f31f9bdc0e68b6941de38f2a
SHA256:	4a2803914a4269806a4cb5525ec40edaf2274e496d0e9d87be9988d1da4b02d5
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
mgEXk8ip26.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report mgEXk8ip26.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
mgEXk8ip26.exe

Malware Threat Intel
Provided by