Windows Analysis Report
613vKYuY2S.exe

Overview

General Information

Sample name: 613vKYuY2S.exe
renamed because original name is a hash value
Original sample name: 9bb9c8c29445b1b47cb909fa92c95611.exe
Analysis ID: 1579776
MD5: 9bb9c8c29445b1b47cb909fa92c95611
SHA1: 5972f04a7be4eed1bfdc3d741c09df65615bf5d7
SHA256: 143f9afbd833bcfc953a54b16e40808ca42aa6db4b58e57afcbbd90fa0d95210
Tags: exeuser-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
Lumma Stealer, LummaC2 Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: 613vKYuY2S.exe Avira: detected
Found malware configuration
Source: 613vKYuY2S.exe.2168.1.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["sustainskelet.lat", "grannyejh.lat", "sweepyribs.lat", "aspecteirs.lat", "rapeflowwj.lat", "crosshuaht.lat", "necklacebudi.lat", "discokeyus.lat", "energyaffai.lat"], "Build id": "LOGS11--LiveTraffic"}
Multi AV Scanner detection for submitted file
Source: 613vKYuY2S.exe ReversingLabs: Detection: 60%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: 613vKYuY2S.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: rapeflowwj.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: crosshuaht.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: sustainskelet.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: aspecteirs.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: energyaffai.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: necklacebudi.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: discokeyus.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: grannyejh.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: sweepyribs.lat
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000001.00000003.2191545054.0000000005180000.00000004.00001000.00020000.00000000.sdmp String decryptor: LOGS11--LiveTraffic
Uses 32bit PE files
Source: 613vKYuY2S.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49720 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h] 1_2_0019C767
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov edx, ecx 1_2_00169C4A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then push C0BFD6CCh 1_2_00183086
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then push C0BFD6CCh 1_2_00183086
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then add ebp, dword ptr [esp+0Ch] 1_2_0018B170
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, esi 1_2_00182190
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [ebx], cx 1_2_00182190
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp word ptr [edi+eax+02h], 0000h 1_2_00182190
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [ecx], dx 1_2_001891DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ecx, dword ptr [ebp-20h] 1_2_001891DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h 1_2_0019B1D0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, eax 1_2_0019B1D0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh] 1_2_00175220
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh] 1_2_00176263
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [ebx], ax 1_2_0017B2E0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax] 1_2_0019F330
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh] 1_2_00177380
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h 1_2_0017D380
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh] 1_2_00177380
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 1_2_00195450
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [ecx], dx 1_2_001891DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ecx, dword ptr [ebp-20h] 1_2_001891DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h] 1_2_001674F0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ecx, word ptr [edi+esi*4] 1_2_001674F0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then jmp dword ptr [001A450Ch] 1_2_00178591
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then xor edi, edi 1_2_0017759F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ecx, eax 1_2_00169580
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [ebp+00h], ax 1_2_00169580
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h 1_2_001985E0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then jmp eax 1_2_001985E0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov eax, dword ptr [001A473Ch] 1_2_0017C653
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 1_2_0018A700
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then lea edx, dword ptr [ecx+01h] 1_2_0016B70C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov esi, eax 1_2_00175799
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ecx, eax 1_2_00175799
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx eax, word ptr [edx] 1_2_001797C2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [edi], dx 1_2_001797C2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [esi], cx 1_2_001797C2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h] 1_2_0017E7C0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov edx, ecx 1_2_00198810
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh 1_2_00198810
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh 1_2_00198810
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then test eax, eax 1_2_00198810
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [ecx], bp 1_2_0017D83A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [edi], al 1_2_0017682D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h] 1_2_0017682D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h] 1_2_0017682D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then jmp eax 1_2_0018984F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh] 1_2_00183860
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, edx 1_2_0016C8B6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+4B6A4A26h] 1_2_0016C8B6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, eax 1_2_00165990
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebp, eax 1_2_00165990
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov eax, dword ptr [esp+00000080h] 1_2_001779C1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [esi], al 1_2_0018DA53
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [edi], cl 1_2_0018CA49
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then push ebx 1_2_0019CA93
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [edi], cl 1_2_0018CAD0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then push esi 1_2_00187AD3
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [edi], cl 1_2_0018CB11
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [edi], cl 1_2_0018CB22
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [eax], cx 1_2_0017CB40
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [esi], cx 1_2_0017CB40
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov word ptr [eax], cx 1_2_00188B61
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then cmp al, 2Eh 1_2_00186B95
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, eax 1_2_0016DBD9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ebx, eax 1_2_0016DBD9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then push 00000000h 1_2_00189C2B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h] 1_2_0019ECA0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov eax, dword ptr [ebp-68h] 1_2_00188D93
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h] 1_2_00177DEE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then jmp dword ptr [001A55F4h] 1_2_00185E30
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov edx, ebp 1_2_00185E70
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ecx, eax 1_2_0019AEC0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [esi], al 1_2_0017BF14
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov eax, dword ptr [ebx+edi+44h] 1_2_00179F30
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then xor byte ptr [esp+eax+17h], al 1_2_00168F50
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov byte ptr [edi], bl 1_2_00168F50
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h] 1_2_0019EFB0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then jmp ecx 1_2_0016BFFD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 4x nop then mov ecx, ebx 1_2_0018DFE9

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:57892 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.6:58494 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.6:60123 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.6:52350 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:50803 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.6:53050 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.6:64698 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.6:60140 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.6:55806 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49720 -> 104.102.49.254:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: sustainskelet.lat
Source: Malware configuration extractor URLs: grannyejh.lat
Source: Malware configuration extractor URLs: sweepyribs.lat
Source: Malware configuration extractor URLs: aspecteirs.lat
Source: Malware configuration extractor URLs: rapeflowwj.lat
Source: Malware configuration extractor URLs: crosshuaht.lat
Source: Malware configuration extractor URLs: necklacebudi.lat
Source: Malware configuration extractor URLs: discokeyus.lat
Source: Malware configuration extractor URLs: energyaffai.lat
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.102.49.254 104.102.49.254
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49720 -> 104.102.49.254:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238876935.0000000001352000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000002.2245389099.0000000001352000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.aka equals www.youtube.com (Youtube)
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=8ee5f91bc8145730e39385cf; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 23 Dec 2024 07:55:56 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control) equals www.youtube.com (Youtube)
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: maized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic DNS traffic detected: DNS query: discokeyus.lat
Source: global traffic DNS traffic detected: DNS query: necklacebudi.lat
Source: global traffic DNS traffic detected: DNS query: energyaffai.lat
Source: global traffic DNS traffic detected: DNS query: aspecteirs.lat
Source: global traffic DNS traffic detected: DNS query: sustainskelet.lat
Source: global traffic DNS traffic detected: DNS query: crosshuaht.lat
Source: global traffic DNS traffic detected: DNS query: rapeflowwj.lat
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237924683.000000000130D000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://checkout.steampowered.com/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: 613vKYuY2S.exe, 00000001.00000003.2237924683.0000000001329000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000132B000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000002.2245040968.000000000132C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://rapeflowwj.lat/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: 613vKYuY2S.exe, 00000001.00000003.2238876935.0000000001352000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000002.2245389099.0000000001352000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.aka
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237924683.0000000001329000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000132B000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000002.2245040968.000000000132C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/765611997243319002
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: 613vKYuY2S.exe, 00000001.00000002.2245273274.000000000133F000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237924683.000000000133B000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242099587.000000000133E000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: 613vKYuY2S.exe, 00000001.00000002.2245273274.000000000133F000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237924683.000000000133B000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242099587.000000000133E000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: 613vKYuY2S.exe, 00000001.00000002.2244757262.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242209312.0000000001309000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001387000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237924683.000000000130D000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237519815.0000000001381000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242134093.000000000138B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49720 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: 613vKYuY2S.exe Static PE information: section name:
Source: 613vKYuY2S.exe Static PE information: section name: .rsrc
Source: 613vKYuY2S.exe Static PE information: section name: .idata
Detected potential crypto function
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00168850 1_2_00168850
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0016ACF0 1_2_0016ACF0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00255025 1_2_00255025
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00259024 1_2_00259024
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022E02B 1_2_0022E02B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00287038 1_2_00287038
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FD00E 1_2_001FD00E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020A033 1_2_0020A033
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027B038 1_2_0027B038
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FC03E 1_2_001FC03E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00263004 1_2_00263004
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028600A 1_2_0028600A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026F003 1_2_0026F003
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 1_2_00256003
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C9035 1_2_001C9035
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00235014 1_2_00235014
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00249013 1_2_00249013
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00215018 1_2_00215018
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026901B 1_2_0026901B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00200068 1_2_00200068
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D9051 1_2_001D9051
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023B06C 1_2_0023B06C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020C072 1_2_0020C072
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027E07B 1_2_0027E07B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001B8045 1_2_001B8045
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00221042 1_2_00221042
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C3093 1_2_001C3093
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024A085 1_2_0024A085
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00276084 1_2_00276084
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F 1_2_0021408F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025008B 1_2_0025008B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00230093 1_2_00230093
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00201099 1_2_00201099
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025409E 1_2_0025409E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026E098 1_2_0026E098
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023E09C 1_2_0023E09C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002280ED 1_2_002280ED
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021F0F6 1_2_0021F0F6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002080F8 1_2_002080F8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020D0F9 1_2_0020D0F9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0032B0E9 1_2_0032B0E9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022C0F9 1_2_0022C0F9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E60C1 1_2_001E60C1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EB0FA 1_2_001EB0FA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026A0C2 1_2_0026A0C2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FE0F6 1_2_001FE0F6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002520C8 1_2_002520C8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CE0E2 1_2_001CE0E2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EC116 1_2_001EC116
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021812B 1_2_0021812B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00224137 1_2_00224137
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024C13C 1_2_0024C13C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027F100 1_2_0027F100
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00251108 1_2_00251108
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020616F 1_2_0020616F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025F174 1_2_0025F174
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00265172 1_2_00265172
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EF146 1_2_001EF146
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023D17F 1_2_0023D17F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00262146 1_2_00262146
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00257146 1_2_00257146
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023A145 1_2_0023A145
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002681A6 1_2_002681A6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002041A1 1_2_002041A1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00182190 1_2_00182190
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002091B5 1_2_002091B5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D118B 1_2_001D118B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026D1B0 1_2_0026D1B0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DC18A 1_2_001DC18A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001691B0 1_2_001691B0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00233185 1_2_00233185
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026C18A 1_2_0026C18A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00258197 1_2_00258197
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027D194 1_2_0027D194
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002DD196 1_2_002DD196
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001891DD 1_2_001891DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019B1D0 1_2_0019B1D0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FD1CF 1_2_001FD1CF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028A1F8 1_2_0028A1F8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021B1F5 1_2_0021B1F5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001841C0 1_2_001841C0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001831C2 1_2_001831C2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F91C3 1_2_001F91C3
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024A1FA 1_2_0024A1FA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002251C9 1_2_002251C9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F41EE 1_2_001F41EE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EF1EB 1_2_001EF1EB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F621E 1_2_001F621E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E5212 1_2_001E5212
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025A214 1_2_0025A214
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E6228 1_2_001E6228
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00175220 1_2_00175220
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CC222 1_2_001CC222
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E7254 1_2_001E7254
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E924E 1_2_001E924E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00210271 1_2_00210271
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E024C 1_2_001E024C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022F271 1_2_0022F271
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024F246 1_2_0024F246
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E3278 1_2_001E3278
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028324E 1_2_0028324E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00176263 1_2_00176263
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EA268 1_2_001EA268
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00278250 1_2_00278250
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017E290 1_2_0017E290
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CF293 1_2_001CF293
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00166280 1_2_00166280
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00217284 1_2_00217284
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CA2BB 1_2_001CA2BB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00260297 1_2_00260297
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00239296 1_2_00239296
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CD2DF 1_2_001CD2DF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001852DD 1_2_001852DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C12DB 1_2_001C12DB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028B2FC 1_2_0028B2FC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002892F5 1_2_002892F5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CB2F8 1_2_001CB2F8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022B2C6 1_2_0022B2C6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FB2F1 1_2_001FB2F1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017B2E0 1_2_0017B2E0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002332DE 1_2_002332DE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025B320 1_2_0025B320
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DC31B 1_2_001DC31B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C2310 1_2_001C2310
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018830D 1_2_0018830D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022233D 1_2_0022233D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00168330 1_2_00168330
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018A33F 1_2_0018A33F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019F330 1_2_0019F330
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00237312 1_2_00237312
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00164320 1_2_00164320
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00185327 1_2_00185327
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020931F 1_2_0020931F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00213364 1_2_00213364
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026436E 1_2_0026436E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00243369 1_2_00243369
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00219370 1_2_00219370
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019D34D 1_2_0019D34D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021C377 1_2_0021C377
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0033036A 1_2_0033036A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DF344 1_2_001DF344
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021A37F 1_2_0021A37F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FC340 1_2_001FC340
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020B34A 1_2_0020B34A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022035C 1_2_0022035C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FF39A 1_2_001FF39A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002033AE 1_2_002033AE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E138A 1_2_001E138A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002323B7 1_2_002323B7
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00184380 1_2_00184380
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002353BB 1_2_002353BB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C3385 1_2_001C3385
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002483BB 1_2_002483BB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00270385 1_2_00270385
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E43B0 1_2_001E43B0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F23AD 1_2_001F23AD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D93DC 1_2_001D93DC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025E3E4 1_2_0025E3E4
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002313E6 1_2_002313E6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002553ED 1_2_002553ED
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002E33E5 1_2_002E33E5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002443FE 1_2_002443FE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018C3FC 1_2_0018C3FC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002113C8 1_2_002113C8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025D3CC 1_2_0025D3CC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027C3CA 1_2_0027C3CA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023C3CD 1_2_0023C3CD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002413D4 1_2_002413D4
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002833DF 1_2_002833DF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EE3E5 1_2_001EE3E5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022842C 1_2_0022842C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DD409 1_2_001DD409
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E740A 1_2_001E740A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023943A 1_2_0023943A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FE403 1_2_001FE403
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00236402 1_2_00236402
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028040D 1_2_0028040D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027A408 1_2_0027A408
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024C41D 1_2_0024C41D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020E46F 1_2_0020E46F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00276444 1_2_00276444
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026B449 1_2_0026B449
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C046F 1_2_001C046F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022A451 1_2_0022A451
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F7461 1_2_001F7461
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024E4A6 1_2_0024E4A6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002724A5 1_2_002724A5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024B4AF 1_2_0024B4AF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002524AE 1_2_002524AE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D0490 1_2_001D0490
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002114B2 1_2_002114B2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017148F 1_2_0017148F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002014B8 1_2_002014B8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026F48A 1_2_0026F48A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020C493 1_2_0020C493
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00332489 1_2_00332489
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C24DF 1_2_001C24DF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002624E5 1_2_002624E5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001891DD 1_2_001891DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020D4EE 1_2_0020D4EE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002544FE 1_2_002544FE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002164C1 1_2_002164C1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002514C0 1_2_002514C0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001674F0 1_2_001674F0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002344CB 1_2_002344CB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023A4CB 1_2_0023A4CB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002234D2 1_2_002234D2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002854DA 1_2_002854DA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002494D1 1_2_002494D1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002264DA 1_2_002264DA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0030F4CA 1_2_0030F4CA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00182510 1_2_00182510
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00197500 1_2_00197500
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020653A 1_2_0020653A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00277507 1_2_00277507
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E553F 1_2_001E553F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024D517 1_2_0024D517
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E0529 1_2_001E0529
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0032456F 1_2_0032456F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00284545 1_2_00284545
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00270556 1_2_00270556
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DE565 1_2_001DE565
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00281557 1_2_00281557
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E859C 1_2_001E859C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017759F 1_2_0017759F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D358D 1_2_001D358D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00169580 1_2_00169580
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002295B9 1_2_002295B9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025F58F 1_2_0025F58F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D25DC 1_2_001D25DC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D75C4 1_2_001D75C4
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028B5F2 1_2_0028B5F2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023E5C1 1_2_0023E5C1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F95EF 1_2_001F95EF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002575DC 1_2_002575DC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026D62F 1_2_0026D62F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022562C 1_2_0022562C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00187603 1_2_00187603
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00251600 1_2_00251600
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C463B 1_2_001C463B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FC638 1_2_001FC638
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020A608 1_2_0020A608
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020760D 1_2_0020760D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023761B 1_2_0023761B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026861E 1_2_0026861E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021561A 1_2_0021561A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022F619 1_2_0022F619
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C165F 1_2_001C165F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027E662 1_2_0027E662
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025C640 1_2_0025C640
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00265649 1_2_00265649
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00262653 1_2_00262653
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021D656 1_2_0021D656
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E2690 1_2_001E2690
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00212687 1_2_00212687
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026C681 1_2_0026C681
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026168C 1_2_0026168C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00247697 1_2_00247697
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026369F 1_2_0026369F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002166E5 1_2_002166E5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001866D0 1_2_001866D0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CD6D5 1_2_001CD6D5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001886C0 1_2_001886C0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002216F8 1_2_002216F8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002326CE 1_2_002326CE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027F6D7 1_2_0027F6D7
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001836E2 1_2_001836E2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00253727 1_2_00253727
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00166710 1_2_00166710
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025D72C 1_2_0025D72C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00278729 1_2_00278729
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00219731 1_2_00219731
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022C732 1_2_0022C732
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00202734 1_2_00202734
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00229739 1_2_00229739
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EE702 1_2_001EE702
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F072D 1_2_001F072D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E6726 1_2_001E6726
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019F720 1_2_0019F720
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FA724 1_2_001FA724
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00283764 1_2_00283764
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F474B 1_2_001F474B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DA748 1_2_001DA748
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D577A 1_2_001D577A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F1777 1_2_001F1777
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020074C 1_2_0020074C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E376E 1_2_001E376E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00289759 1_2_00289759
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EA79F 1_2_001EA79F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023C7A7 1_2_0023C7A7
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00178792 1_2_00178792
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F3797 1_2_001F3797
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002357A9 1_2_002357A9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00175799 1_2_00175799
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002797B7 1_2_002797B7
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0016A780 1_2_0016A780
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CC785 1_2_001CC785
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FC7BC 1_2_001FC7BC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00209787 1_2_00209787
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00259789 1_2_00259789
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C07AB 1_2_001C07AB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0032678A 1_2_0032678A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002247E1 1_2_002247E1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F27D5 1_2_001F27D5
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002207E9 1_2_002207E9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002317EF 1_2_002317EF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002557E8 1_2_002557E8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001797C2 1_2_001797C2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017E7C0 1_2_0017E7C0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002367FF 1_2_002367FF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002307FC 1_2_002307FC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002227CE 1_2_002227CE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00198810 1_2_00198810
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00276802 1_2_00276802
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025E80F 1_2_0025E80F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024180F 1_2_0024180F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021C810 1_2_0021C810
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00214812 1_2_00214812
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017682D 1_2_0017682D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C2826 1_2_001C2826
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F4822 1_2_001F4822
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00264819 1_2_00264819
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00201862 1_2_00201862
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00234867 1_2_00234867
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023E86B 1_2_0023E86B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026A868 1_2_0026A868
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00237873 1_2_00237873
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00212870 1_2_00212870
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00239871 1_2_00239871
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022B871 1_2_0022B871
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00265875 1_2_00265875
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023D87D 1_2_0023D87D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00213844 1_2_00213844
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023F848 1_2_0023F848
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023A84F 1_2_0023A84F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00183860 1_2_00183860
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023385A 1_2_0023385A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025285B 1_2_0025285B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EF894 1_2_001EF894
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002508AB 1_2_002508AB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002188B0 1_2_002188B0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D9888 1_2_001D9888
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019D880 1_2_0019D880
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027A8BA 1_2_0027A8BA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0016C8B6 1_2_0016C8B6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00245886 1_2_00245886
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E78BB 1_2_001E78BB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CE8BB 1_2_001CE8BB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024E88D 1_2_0024E88D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001818A0 1_2_001818A0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_003228F2 1_2_003228F2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F88D4 1_2_001F88D4
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001888CB 1_2_001888CB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D28FA 1_2_001D28FA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0032E8C1 1_2_0032E8C1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002808D1 1_2_002808D1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C9915 1_2_001C9915
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021F92E 1_2_0021F92E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C590D 1_2_001C590D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00285936 1_2_00285936
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00180939 1_2_00180939
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00275900 1_2_00275900
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020B912 1_2_0020B912
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00230961 1_2_00230961
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001F5954 1_2_001F5954
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027996C 1_2_0027996C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00261968 1_2_00261968
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EC949 1_2_001EC949
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00190940 1_2_00190940
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00243941 1_2_00243941
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00163970 1_2_00163970
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027794A 1_2_0027794A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E6970 1_2_001E6970
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022394C 1_2_0022394C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0027B950 1_2_0027B950
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DA998 1_2_001DA998
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00165990 1_2_00165990
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002069A6 1_2_002069A6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002679AE 1_2_002679AE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002089AB 1_2_002089AB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C398D 1_2_001C398D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EB98B 1_2_001EB98B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002719B2 1_2_002719B2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019D980 1_2_0019D980
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CD985 1_2_001CD985
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025F9B9 1_2_0025F9B9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020F9BD 1_2_0020F9BD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021B98A 1_2_0021B98A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00249991 1_2_00249991
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028999E 1_2_0028999E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D49DD 1_2_001D49DD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002519E2 1_2_002519E2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026E9EC 1_2_0026E9EC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002079EF 1_2_002079EF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001779C1 1_2_001779C1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024E9FE 1_2_0024E9FE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C69FE 1_2_001C69FE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E89F8 1_2_001E89F8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DE9F7 1_2_001DE9F7
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002539D6 1_2_002539D6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_002579D9 1_2_002579D9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0016EA10 1_2_0016EA10
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256A2F 1_2_00256A2F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024FA2F 1_2_0024FA2F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DBA10 1_2_001DBA10
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024CA04 1_2_0024CA04
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00239A05 1_2_00239A05
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EFA2B 1_2_001EFA2B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00260A18 1_2_00260A18
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D1A5F 1_2_001D1A5F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00242A66 1_2_00242A66
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020DA69 1_2_0020DA69
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018DA53 1_2_0018DA53
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001CAA53 1_2_001CAA53
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018CA49 1_2_0018CA49
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0028AA73 1_2_0028AA73
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026BA47 1_2_0026BA47
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021DA4F 1_2_0021DA4F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00226A50 1_2_00226A50
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001C4A69 1_2_001C4A69
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E3A6B 1_2_001E3A6B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019DA80 1_2_0019DA80
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025AABE 1_2_0025AABE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00268A87 1_2_00268A87
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018CAD0 1_2_0018CAD0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00287AE0 1_2_00287AE0
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00282AE2 1_2_00282AE2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00288AE3 1_2_00288AE3
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00204AF1 1_2_00204AF1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023EAF7 1_2_0023EAF7
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00237AF8 1_2_00237AF8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00205AC2 1_2_00205AC2
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D2AFE 1_2_001D2AFE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E4AFD 1_2_001E4AFD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024AACD 1_2_0024AACD
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00248AC9 1_2_00248AC9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00278AD8 1_2_00278AD8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0020BB23 1_2_0020BB23
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018CB11 1_2_0018CB11
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E5B13 1_2_001E5B13
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00259B28 1_2_00259B28
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00219B2E 1_2_00219B2E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0024BB34 1_2_0024BB34
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00196B08 1_2_00196B08
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00264B31 1_2_00264B31
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026FB3B 1_2_0026FB3B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025CB0E 1_2_0025CB0E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00283B05 1_2_00283B05
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018CB22 1_2_0018CB22
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FDB5B 1_2_001FDB5B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00186B50 1_2_00186B50
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022FB6D 1_2_0022FB6D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017CB40 1_2_0017CB40
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00238B7F 1_2_00238B7F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00220B48 1_2_00220B48
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019DB60 1_2_0019DB60
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001EAB64 1_2_001EAB64
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025DB5F 1_2_0025DB5F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0025BBA6 1_2_0025BBA6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00255BAF 1_2_00255BAF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FAB94 1_2_001FAB94
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E0B92 1_2_001E0B92
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00221BAF 1_2_00221BAF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FFB90 1_2_001FFB90
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E8BBC 1_2_001E8BBC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00276B85 1_2_00276B85
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00246B81 1_2_00246B81
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D3BA6 1_2_001D3BA6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001E3BD8 1_2_001E3BD8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00235BEF 1_2_00235BEF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0016DBD9 1_2_0016DBD9
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022CBF1 1_2_0022CBF1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00269BFF 1_2_00269BFF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00252BCC 1_2_00252BCC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00243BDF 1_2_00243BDF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FCC18 1_2_001FCC18
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00263C21 1_2_00263C21
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0022BC2C 1_2_0022BC2C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017DC00 1_2_0017DC00
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0023DC34 1_2_0023DC34
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00270C3F 1_2_00270C3F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021DC04 1_2_0021DC04
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00189C2B 1_2_00189C2B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026AC64 1_2_0026AC64
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00222C64 1_2_00222C64
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00201C6D 1_2_00201C6D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0042AC14 1_2_0042AC14
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0017FC75 1_2_0017FC75
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021CC46 1_2_0021CC46
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00164C60 1_2_00164C60
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00231C5F 1_2_00231C5F
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001D9C9C 1_2_001D9C9C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0018AC90 1_2_0018AC90
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00236CA8 1_2_00236CA8
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00214CAF 1_2_00214CAF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0026DCBE 1_2_0026DCBE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001FECBA 1_2_001FECBA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001DFCB1 1_2_001DFCB1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00248C9C 1_2_00248C9C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019ECA0 1_2_0019ECA0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: String function: 00174400 appears 65 times
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: String function: 00168030 appears 44 times
Uses 32bit PE files
Source: 613vKYuY2S.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 613vKYuY2S.exe Static PE information: Section: ZLIB complexity 0.9974114404965754
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00190C70 CoCreateInstance, 1_2_00190C70
Source: C:\Users\user\Desktop\613vKYuY2S.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: 613vKYuY2S.exe ReversingLabs: Detection: 60%
Source: 613vKYuY2S.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: 613vKYuY2S.exe String found in binary or memory: 1RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeP
Source: C:\Users\user\Desktop\613vKYuY2S.exe File read: C:\Users\user\Desktop\613vKYuY2S.exe Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Section loaded: dpapi.dll Jump to behavior
Source: 613vKYuY2S.exe Static file information: File size 2975744 > 1048576
Source: 613vKYuY2S.exe Static PE information: Raw size of faphqeli is bigger than: 0x100000 < 0x2ae800

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Unpacked PE file: 1.2.613vKYuY2S.exe.160000.0.unpack :EW;.rsrc :W;.idata :W;faphqeli:EW;fachvrsl:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;faphqeli:EW;fachvrsl:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: 613vKYuY2S.exe Static PE information: real checksum: 0x2db379 should be: 0x2e6430
PE file contains sections with non-standard names
Source: 613vKYuY2S.exe Static PE information: section name:
Source: 613vKYuY2S.exe Static PE information: section name: .rsrc
Source: 613vKYuY2S.exe Static PE information: section name: .idata
Source: 613vKYuY2S.exe Static PE information: section name: faphqeli
Source: 613vKYuY2S.exe Static PE information: section name: fachvrsl
Source: 613vKYuY2S.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0041E03E push ebp; mov dword ptr [esp], ecx 1_2_0041E00C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001B8C2D push ebp; mov dword ptr [esp], eax 1_2_001B96F1
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00337020 push esi; mov dword ptr [esp], ebx 1_2_0033705D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push eax; mov dword ptr [esp], ebp 1_2_002564C4
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push 4F75DB05h; mov dword ptr [esp], edx 1_2_002564FC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push edx; mov dword ptr [esp], esi 1_2_00256581
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push eax; mov dword ptr [esp], ebx 1_2_00256604
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push ebp; mov dword ptr [esp], edi 1_2_00256608
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push 430B90C0h; mov dword ptr [esp], esi 1_2_0025663E
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00256003 push 44C582F4h; mov dword ptr [esp], eax 1_2_00256646
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00200068 push 05080F6Eh; mov dword ptr [esp], eax 1_2_00200571
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00200068 push 58D5B321h; mov dword ptr [esp], ebp 1_2_002005F3
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00217050 push 5A284898h; mov dword ptr [esp], ebp 1_2_0021706B
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00217050 push edi; mov dword ptr [esp], eax 1_2_00217172
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_00217050 push 64D737DEh; mov dword ptr [esp], ebx 1_2_002171AE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_003980BA push 2F271250h; mov dword ptr [esp], edx 1_2_0039812D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001BE0BE push 29EB2159h; mov dword ptr [esp], esi 1_2_001BE0C6
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001BB0BC push 22676E52h; mov dword ptr [esp], ebp 1_2_001BDF36
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push edx; mov dword ptr [esp], 4F3FF4F2h 1_2_0021455C
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push edx; mov dword ptr [esp], esp 1_2_00214583
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push edx; mov dword ptr [esp], eax 1_2_002145BA
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push ebx; mov dword ptr [esp], eax 1_2_002145DC
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push 5159D377h; mov dword ptr [esp], edi 1_2_0021462A
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push ebx; mov dword ptr [esp], ecx 1_2_00214666
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push edx; mov dword ptr [esp], eax 1_2_002146DE
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0021408F push 5854D37Dh; mov dword ptr [esp], ebx 1_2_002146FF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0042A0ED push 403A8B1Ah; mov dword ptr [esp], ecx 1_2_0042A0FB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0042A0ED push 7B077C8Ah; mov dword ptr [esp], ecx 1_2_0042A1BB
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001BB0D6 push 39F4ADA1h; mov dword ptr [esp], eax 1_2_001BDA05
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_003470E2 push esi; mov dword ptr [esp], 67AF3066h 1_2_003470FF
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0032B0E9 push 630B408Ah; mov dword ptr [esp], ecx 1_2_0032B0F2
Source: 613vKYuY2S.exe Static PE information: section name: entropy: 7.982554167437004

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\613vKYuY2S.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 1B7EB9 second address: 1B7EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 1B7EBD second address: 1B7ED9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB764h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 1B7ED9 second address: 1B7EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32758E second address: 327596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 327596 second address: 32759C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 33604A second address: 336050 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3364B4 second address: 3364CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE0519227h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 336639 second address: 33664E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB75Eh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3367AC second address: 3367B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3367B2 second address: 3367B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3367B8 second address: 3367D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7BE051921Dh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3397B7 second address: 3397DE instructions: 0x00000000 rdtsc 0x00000002 js 00007F7BE16AB756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7BE16AB767h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3397DE second address: 1B7EB9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jnc 00007F7BE051921Eh 0x00000011 pop eax 0x00000012 cmc 0x00000013 push dword ptr [ebp+122D0921h] 0x00000019 je 00007F7BE051921Ch 0x0000001f mov edi, dword ptr [ebp+122D2D26h] 0x00000025 call dword ptr [ebp+122D2B14h] 0x0000002b pushad 0x0000002c sub dword ptr [ebp+122D3823h], eax 0x00000032 xor eax, eax 0x00000034 mov dword ptr [ebp+122D3823h], eax 0x0000003a mov edx, dword ptr [esp+28h] 0x0000003e jmp 00007F7BE0519226h 0x00000043 mov dword ptr [ebp+122D2D06h], eax 0x00000049 pushad 0x0000004a push ecx 0x0000004b jmp 00007F7BE0519229h 0x00000050 pop edi 0x00000051 mov eax, dword ptr [ebp+122D2D66h] 0x00000057 popad 0x00000058 mov esi, 0000003Ch 0x0000005d sub dword ptr [ebp+122D3823h], eax 0x00000063 add esi, dword ptr [esp+24h] 0x00000067 mov dword ptr [ebp+122D28E1h], ebx 0x0000006d lodsw 0x0000006f jmp 00007F7BE0519222h 0x00000074 jnl 00007F7BE051921Ch 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e jmp 00007F7BE051921Eh 0x00000083 mov ebx, dword ptr [esp+24h] 0x00000087 pushad 0x00000088 mov edx, dword ptr [ebp+122D2C22h] 0x0000008e popad 0x0000008f push eax 0x00000090 pushad 0x00000091 push eax 0x00000092 push edx 0x00000093 push eax 0x00000094 push edx 0x00000095 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 33982E second address: 339833 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 339833 second address: 3398BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push eax 0x0000000b sub esi, dword ptr [ebp+122D38B3h] 0x00000011 pop ecx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F7BE0519218h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e sub dword ptr [ebp+122D1E26h], eax 0x00000034 push 0429C4A2h 0x00000039 jp 00007F7BE051921Ch 0x0000003f xor dword ptr [esp], 0429C422h 0x00000046 mov edi, 050CB196h 0x0000004b push 00000003h 0x0000004d mov edi, eax 0x0000004f push 00000000h 0x00000051 sub dword ptr [ebp+122D28E1h], edi 0x00000057 push 00000003h 0x00000059 mov esi, dword ptr [ebp+122D2C9Ah] 0x0000005f push 9A6B2285h 0x00000064 push eax 0x00000065 push edx 0x00000066 push edx 0x00000067 jmp 00007F7BE0519223h 0x0000006c pop edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 33995E second address: 3399E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 mov ch, 68h 0x0000000b push 00000000h 0x0000000d pushad 0x0000000e sub dword ptr [ebp+122D28E1h], ebx 0x00000014 pushad 0x00000015 mov edx, dword ptr [ebp+122D2CB2h] 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e popad 0x0000001f push E6FD2490h 0x00000024 jmp 00007F7BE16AB75Eh 0x00000029 add dword ptr [esp], 1902DBF0h 0x00000030 movzx esi, si 0x00000033 movzx edi, si 0x00000036 push 00000003h 0x00000038 mov dword ptr [ebp+122D2AFFh], edx 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push ebp 0x00000043 call 00007F7BE16AB758h 0x00000048 pop ebp 0x00000049 mov dword ptr [esp+04h], ebp 0x0000004d add dword ptr [esp+04h], 00000015h 0x00000055 inc ebp 0x00000056 push ebp 0x00000057 ret 0x00000058 pop ebp 0x00000059 ret 0x0000005a mov edi, esi 0x0000005c cmc 0x0000005d push 00000003h 0x0000005f mov dh, CAh 0x00000061 push 4B98DAAAh 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a jmp 00007F7BE16AB75Fh 0x0000006f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3399E3 second address: 3399E9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3399E9 second address: 339A5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB75Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 74672556h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F7BE16AB758h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a jl 00007F7BE16AB75Ch 0x00000030 mov dword ptr [ebp+122D3AA6h], eax 0x00000036 lea ebx, dword ptr [ebp+1245567Fh] 0x0000003c mov edi, dword ptr [ebp+122D3823h] 0x00000042 xchg eax, ebx 0x00000043 push esi 0x00000044 jmp 00007F7BE16AB769h 0x00000049 pop esi 0x0000004a push eax 0x0000004b jp 00007F7BE16AB768h 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 339A5B second address: 339A5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 339AB5 second address: 339ABE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 339ABE second address: 339B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7BE0519225h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F7BE0519218h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov edx, 0F816748h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007F7BE0519218h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 0000001Dh 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 jg 00007F7BE0519218h 0x0000004e push A62A3D4Dh 0x00000053 jc 00007F7BE051921Eh 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 339BDE second address: 339BE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35B08C second address: 35B092 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35B092 second address: 35B096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3290FE second address: 329127 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7BE0519230h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 329127 second address: 329149 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7BE16AB769h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 359732 second address: 35974E instructions: 0x00000000 rdtsc 0x00000002 js 00007F7BE0519226h 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3598C8 second address: 3598D8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7BE16AB756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3598D8 second address: 3598DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 359A0F second address: 359A3A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7BE16AB76Ch 0x00000008 jmp 00007F7BE16AB766h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jp 00007F7BE16AB75Eh 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 359FA2 second address: 359FC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE0519225h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F7BE0519218h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 359FC8 second address: 359FD1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 34D5DB second address: 34D5ED instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7BE0519218h 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F7BE0519216h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32ABB5 second address: 32ABB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35A11C second address: 35A126 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7BE0519216h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35A126 second address: 35A171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F7BE16AB756h 0x0000000d push esi 0x0000000e pop esi 0x0000000f jmp 00007F7BE16AB769h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e popad 0x0000001f pushad 0x00000020 push edi 0x00000021 pop edi 0x00000022 jnl 00007F7BE16AB756h 0x00000028 jmp 00007F7BE16AB75Ch 0x0000002d push edi 0x0000002e pop edi 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32911C second address: 329127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35AA11 second address: 35AA17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35AA17 second address: 35AA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35AA20 second address: 35AA26 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35D76C second address: 35D772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35D772 second address: 35D777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 35D777 second address: 35D791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7BE0519226h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 33198B second address: 331998 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 push edi 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 331998 second address: 3319A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3319A1 second address: 3319A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3319A5 second address: 3319A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 324014 second address: 324019 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 324019 second address: 32402F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jl 00007F7BE0519216h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32402F second address: 324043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB760h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 324043 second address: 32406F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7BE0519222h 0x0000000b jmp 00007F7BE051921Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F7BE0519216h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36558D second address: 3655A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7BE16AB756h 0x0000000a popad 0x0000000b push ebx 0x0000000c ja 00007F7BE16AB756h 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3655A0 second address: 3655C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7BE051921Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3658CA second address: 3658E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7BE16AB75Fh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3658E6 second address: 3658F0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7BE0519216h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3658F0 second address: 365900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jc 00007F7BE16AB764h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 365D66 second address: 365D98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE0519224h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7BE0519227h 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 368A06 second address: 368A0C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 368A0C second address: 368A11 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 368B18 second address: 368B1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 368B1E second address: 368B22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36914A second address: 3691AA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c jnl 00007F7BE16AB769h 0x00000012 xchg eax, ebx 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F7BE16AB758h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d mov esi, 1792EC8Ah 0x00000032 nop 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F7BE16AB761h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3691AA second address: 3691B4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7BE051921Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3691B4 second address: 3691D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F7BE16AB767h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36935B second address: 36935F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36935F second address: 369365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 369365 second address: 36936A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 369544 second address: 369548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 369548 second address: 36954E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3697AE second address: 3697C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB75Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3697C1 second address: 3697C6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36C5E4 second address: 36C5E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36C5E9 second address: 36C5EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36C5EF second address: 36C5F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36C5F3 second address: 36C5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36EC51 second address: 36EC57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36F6A1 second address: 36F6FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edi, ecx 0x00000009 sub edi, dword ptr [ebp+12456474h] 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F7BE0519218h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000018h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b call 00007F7BE0519224h 0x00000030 pushad 0x00000031 push edx 0x00000032 pop ebx 0x00000033 popad 0x00000034 pop edi 0x00000035 xor dword ptr [ebp+122D2A58h], ecx 0x0000003b push 00000000h 0x0000003d mov di, bx 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edi 0x00000045 pop edi 0x00000046 pop eax 0x00000047 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3730AC second address: 3730CC instructions: 0x00000000 rdtsc 0x00000002 je 00007F7BE16AB758h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F7BE16AB75Dh 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3742B6 second address: 3742BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3742BC second address: 3742C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37436C second address: 374387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F7BE0519224h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 374387 second address: 37438B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 377267 second address: 377278 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7BE0519216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 377278 second address: 37727C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3782ED second address: 378314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007F7BE0519226h 0x0000000b jmp 00007F7BE0519220h 0x00000010 popad 0x00000011 push eax 0x00000012 jnp 00007F7BE0519236h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37727C second address: 377280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3791A8 second address: 3791B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3791B0 second address: 379252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007F7BE16AB758h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 0000001Dh 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 call 00007F7BE16AB767h 0x00000026 mov ebx, dword ptr [ebp+1245D814h] 0x0000002c pop ebx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F7BE16AB758h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 jmp 00007F7BE16AB760h 0x0000004e sub dword ptr [ebp+1244F5D0h], eax 0x00000054 jns 00007F7BE16AB75Bh 0x0000005a push 00000000h 0x0000005c pushad 0x0000005d add dword ptr [ebp+122D27ABh], esi 0x00000063 popad 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 jnl 00007F7BE16AB75Ch 0x0000006d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37A30D second address: 37A311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37A4EC second address: 37A505 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37A505 second address: 37A51A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37D28C second address: 37D305 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F7BE16AB766h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F7BE16AB758h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov dword ptr [ebp+124559EDh], esi 0x0000002d sub bx, DF63h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F7BE16AB758h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e push 00000000h 0x00000050 mov dword ptr [ebp+122D2AF8h], edx 0x00000056 xchg eax, esi 0x00000057 jbe 00007F7BE16AB760h 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37C4AA second address: 37C4AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37B42F second address: 37B459 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7BE16AB75Ah 0x0000000b jmp 00007F7BE16AB75Dh 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jo 00007F7BE16AB756h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37D4CA second address: 37D4DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37C4AE second address: 37C4B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 37B459 second address: 37B46B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 381FA8 second address: 381FD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7BE16AB769h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 380EF5 second address: 380F03 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7BE0519216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 381FD0 second address: 381FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 381FD4 second address: 381FE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 382FC7 second address: 382FCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 382FCD second address: 382FDB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 382FDB second address: 382FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 382FE2 second address: 382FF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7BE051921Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 38B723 second address: 38B737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F7BE16AB75Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 38B9F6 second address: 38B9FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 38B9FA second address: 38B9FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 391C63 second address: 391C69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3924BC second address: 3924C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3924C0 second address: 1B7EB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 3AFE9BB8h 0x0000000d stc 0x0000000e push dword ptr [ebp+122D0921h] 0x00000014 je 00007F7BE0519229h 0x0000001a jmp 00007F7BE0519223h 0x0000001f call dword ptr [ebp+122D2B14h] 0x00000025 pushad 0x00000026 sub dword ptr [ebp+122D3823h], eax 0x0000002c xor eax, eax 0x0000002e mov dword ptr [ebp+122D3823h], eax 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 jmp 00007F7BE0519226h 0x0000003d mov dword ptr [ebp+122D2D06h], eax 0x00000043 pushad 0x00000044 push ecx 0x00000045 jmp 00007F7BE0519229h 0x0000004a pop edi 0x0000004b mov eax, dword ptr [ebp+122D2D66h] 0x00000051 popad 0x00000052 mov esi, 0000003Ch 0x00000057 sub dword ptr [ebp+122D3823h], eax 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 mov dword ptr [ebp+122D28E1h], ebx 0x00000067 lodsw 0x00000069 jmp 00007F7BE0519222h 0x0000006e jnl 00007F7BE051921Ch 0x00000074 add eax, dword ptr [esp+24h] 0x00000078 jmp 00007F7BE051921Eh 0x0000007d mov ebx, dword ptr [esp+24h] 0x00000081 pushad 0x00000082 mov edx, dword ptr [ebp+122D2C22h] 0x00000088 popad 0x00000089 push eax 0x0000008a pushad 0x0000008b push eax 0x0000008c push edx 0x0000008d push eax 0x0000008e push edx 0x0000008f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 398D7C second address: 398D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 398D80 second address: 398DB0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7BE0519216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e jmp 00007F7BE0519225h 0x00000013 pushad 0x00000014 popad 0x00000015 pop eax 0x00000016 jc 00007F7BE051921Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 397AB6 second address: 397AF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7BE16AB756h 0x0000000a jmp 00007F7BE16AB769h 0x0000000f popad 0x00000010 push ecx 0x00000011 jmp 00007F7BE16AB766h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 397AF3 second address: 397AFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 397AFB second address: 397B17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7BE16AB756h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 jns 00007F7BE16AB756h 0x00000016 popad 0x00000017 pushad 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 397B17 second address: 397B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 397B1D second address: 397B2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F7BE16AB75Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 398001 second address: 39800D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7BE0519216h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39800D second address: 398012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 398012 second address: 398023 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7BE051921Ah 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3981AB second address: 3981B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7BE16AB756h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3981B8 second address: 3981D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F7BE0519223h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39833F second address: 398343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 398343 second address: 398347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3984C7 second address: 3984D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007F7BE16AB75Ah 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 398653 second address: 398662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 ja 00007F7BE051921Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3988FE second address: 398905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39E0C7 second address: 39E0D1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7BE051921Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3671B0 second address: 3671C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE16AB75Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3676C5 second address: 3676CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3676CB second address: 3676D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3676D0 second address: 3676DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F7BE0519216h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3676DB second address: 3676E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3676E8 second address: 3676EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3676EC second address: 3676F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36774E second address: 36777A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE0519229h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7BE051921Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36777A second address: 36779C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 xchg eax, esi 0x00000008 mov edi, edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7BE16AB765h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36779C second address: 3677A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3678DC second address: 3678F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jp 00007F7BE16AB756h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push ecx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367B0F second address: 367B25 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov cl, E1h 0x0000000c push 00000004h 0x0000000e clc 0x0000000f nop 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367B25 second address: 367B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367B29 second address: 367B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367B2D second address: 367B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367EA6 second address: 367EB0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7BE051921Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367EB0 second address: 367F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jg 00007F7BE16AB766h 0x0000000d jmp 00007F7BE16AB760h 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F7BE16AB758h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d push 0000001Eh 0x0000002f cmc 0x00000030 nop 0x00000031 jl 00007F7BE16AB775h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F7BE16AB75Dh 0x0000003e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 36827A second address: 368280 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D27E second address: 39D28B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 ja 00007F7BE16AB758h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D28B second address: 39D29D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7BE051921Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D29D second address: 39D2AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D5AA second address: 39D5CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 jmp 00007F7BE0519220h 0x0000000c jnl 00007F7BE0519216h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D5CC second address: 39D5D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D5D0 second address: 39D5D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D729 second address: 39D72E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D8C2 second address: 39D8DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F7BE0519216h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D8DE second address: 39D8E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D8E2 second address: 39D8F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D8F3 second address: 39D90F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 js 00007F7BE16AB756h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7BE16AB75Eh 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39D90F second address: 39D913 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39DA43 second address: 39DA5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE16AB763h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 39F7EA second address: 39F7F8 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7BE0519216h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A0EE0 second address: 3A0EEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A0EEA second address: 3A0F01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE0519223h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A0F01 second address: 3A0F06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A50F3 second address: 3A50FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A50FB second address: 3A50FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A50FF second address: 3A5111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F7BE051921Eh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A5111 second address: 3A5121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F7BE16AB76Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3A7EEE second address: 3A7EF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32C734 second address: 32C746 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 js 00007F7BE16AB756h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32C746 second address: 32C784 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7BE0519229h 0x0000000a pop esi 0x0000000b pushad 0x0000000c jmp 00007F7BE051921Eh 0x00000011 je 00007F7BE0519216h 0x00000017 push esi 0x00000018 pop esi 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32C784 second address: 32C78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AC55C second address: 3AC56F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7BE0519216h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F7BE0519216h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3ACF0C second address: 3ACF1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F7BE16AB756h 0x0000000a js 00007F7BE16AB756h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AD1B1 second address: 3AD1BB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7BE051921Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AD48C second address: 3AD4C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB767h 0x00000007 jmp 00007F7BE16AB768h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AD4C3 second address: 3AD4C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AC2A4 second address: 3AC2A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AC2A9 second address: 3AC2C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE0519222h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AC2C7 second address: 3AC2E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F7BE16AB768h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3AC2E4 second address: 3AC2EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F7BE0519216h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B258D second address: 3B2591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B2591 second address: 3B25A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B25A0 second address: 3B25CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F7BE16AB758h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f ja 00007F7BE16AB77Ah 0x00000015 jmp 00007F7BE16AB762h 0x0000001a push eax 0x0000001b push edx 0x0000001c jng 00007F7BE16AB756h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B25CF second address: 3B25D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B2990 second address: 3B2996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B2B1C second address: 3B2B28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7BE0519216h 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B2F27 second address: 3B2F33 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7BE16AB756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B3095 second address: 3B30A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F7BE0519216h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B30A1 second address: 3B30A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B33BB second address: 3B33D6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7BE0519216h 0x00000008 jmp 00007F7BE0519221h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B6880 second address: 3B6898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE16AB75Ch 0x00000009 jo 00007F7BE16AB75Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B6898 second address: 3B68A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B68A0 second address: 3B68A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B68A4 second address: 3B68BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B616F second address: 3B618A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE16AB767h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B618A second address: 3B61A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B61A0 second address: 3B61A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B61A6 second address: 3B61AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B61AC second address: 3B61B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F7BE16AB75Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B6585 second address: 3B6589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B6589 second address: 3B6592 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A1B second address: 3B8A4B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE0519227h 0x00000007 jmp 00007F7BE051921Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A4B second address: 3B8A4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A4F second address: 3B8A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F7BE0519216h 0x0000000d jbe 00007F7BE0519216h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A64 second address: 3B8A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F7BE16AB756h 0x0000000d jmp 00007F7BE16AB763h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A84 second address: 3B8A96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F7BE0519216h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A96 second address: 3B8A9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8A9A second address: 3B8AA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8AA0 second address: 3B8AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3B8AA9 second address: 3B8ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE051921Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BCD2E second address: 3BCD4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB766h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BCD4A second address: 3BCD52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BCD52 second address: 3BCD56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BD029 second address: 3BD044 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE0519225h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BD044 second address: 3BD048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BD048 second address: 3BD06A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7BE0519216h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 jc 00007F7BE0519216h 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 push edi 0x0000001a jne 00007F7BE0519216h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3BD342 second address: 3BD372 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB75Ah 0x00000007 jmp 00007F7BE16AB767h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C0E07 second address: 3C0E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C0E11 second address: 3C0E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C0E1D second address: 3C0E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 jmp 00007F7BE051921Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F7BE0519225h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C57C5 second address: 3C57FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB765h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F7BE16AB75Dh 0x00000014 je 00007F7BE16AB756h 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C57FD second address: 3C5808 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7BE0519216h 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C5808 second address: 3C5814 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7BE16AB75Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C5AF6 second address: 3C5B23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F7BE0519216h 0x0000000f jmp 00007F7BE0519224h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C5B23 second address: 3C5B27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C5C49 second address: 3C5C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F7BE0519216h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C5DB7 second address: 3C5DC7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7BE16AB756h 0x00000008 jg 00007F7BE16AB756h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367D73 second address: 367D79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367D79 second address: 367DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F7BE16AB758h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 push 00000004h 0x00000025 nop 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F7BE16AB762h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 367DBE second address: 367DC8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C60EB second address: 3C60F4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C622B second address: 3C6236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C6236 second address: 3C6256 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F7BE16AB75Ah 0x0000000b jmp 00007F7BE16AB75Fh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3C6256 second address: 3C6263 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7BE0519218h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3CE69D second address: 3CE6A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32E3B4 second address: 32E3BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32E3BA second address: 32E3C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F7BE16AB758h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32E3C7 second address: 32E3D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7BE051921Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 32E3D7 second address: 32E41A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F7BE16AB767h 0x00000010 jmp 00007F7BE16AB766h 0x00000015 popad 0x00000016 jng 00007F7BE16AB75Eh 0x0000001c push esi 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3CCD2F second address: 3CCD35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3CCD35 second address: 3CCD50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7BE16AB75Bh 0x0000000b popad 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F7BE16AB756h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3CD005 second address: 3CD018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE051921Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3CD7A4 second address: 3CD7A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D3EC7 second address: 3D3ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D71F1 second address: 3D71F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D71F5 second address: 3D71FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D71FD second address: 3D7208 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F7BE16AB756h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D7208 second address: 3D7229 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7BE0519216h 0x0000000a popad 0x0000000b jmp 00007F7BE051921Bh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007F7BE0519216h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D7794 second address: 3D77BE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7BE16AB756h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F7BE16AB75Eh 0x00000012 pop ecx 0x00000013 pushad 0x00000014 pushad 0x00000015 push edi 0x00000016 pop edi 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a je 00007F7BE16AB762h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3D77BE second address: 3D77C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E0ECA second address: 3E0ECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E0ECE second address: 3E0ED6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E0ED6 second address: 3E0EDB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3DF561 second address: 3DF565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3DF6CD second address: 3DF6E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7BE16AB756h 0x0000000a jnl 00007F7BE16AB756h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3DFED8 second address: 3DFEF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F7BE0519228h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3DFEF6 second address: 3DFEFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E05FC second address: 3E0600 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E0600 second address: 3E0629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F7BE16AB75Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7BE16AB75Fh 0x00000013 jnp 00007F7BE16AB756h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E9619 second address: 3E961F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E975D second address: 3E976C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F7BE16AB756h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E98E4 second address: 3E98E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3E98E9 second address: 3E98F0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3F4874 second address: 3F487A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3F487A second address: 3F4884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3F4884 second address: 3F489C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F7BE051921Bh 0x0000000b popad 0x0000000c pop ecx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3F489C second address: 3F48AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE16AB75Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3F98D1 second address: 3F98DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3F94B1 second address: 3F94CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7BE16AB765h 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3FE08F second address: 3FE095 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3FE095 second address: 3FE09A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3FE09A second address: 3FE0CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7BE0519216h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jnp 00007F7BE051922Eh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3FE0CC second address: 3FE0D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 3FE0D2 second address: 3FE0D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 404966 second address: 404971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 41480B second address: 41480F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 41480F second address: 41483F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F7BE16AB761h 0x0000000c jmp 00007F7BE16AB763h 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 41483F second address: 414843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 414843 second address: 414847 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 413459 second address: 413490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7BE0519216h 0x0000000a pop ecx 0x0000000b pop esi 0x0000000c push ecx 0x0000000d jmp 00007F7BE0519220h 0x00000012 pushad 0x00000013 jmp 00007F7BE0519221h 0x00000018 jbe 00007F7BE0519216h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 417F96 second address: 417F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 437774 second address: 43778F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F7BE0519222h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 43778F second address: 4377AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7BE16AB763h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 43AB50 second address: 43AB5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 43AB5B second address: 43AB99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB75Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F7BE16AB769h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pushad 0x00000014 popad 0x00000015 pop edi 0x00000016 jne 00007F7BE16AB75Ch 0x0000001c jbe 00007F7BE16AB756h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 43AB99 second address: 43ABA3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7BE051921Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 44CF82 second address: 44CF86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 44CF86 second address: 44CF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7BE0519216h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 44CF92 second address: 44CFAF instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7BE16AB75Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jng 00007F7BE16AB75Eh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 450AE2 second address: 450AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 jmp 00007F7BE051921Eh 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 450AF9 second address: 450AFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 450C85 second address: 450C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE051921Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 450C97 second address: 450CA5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7BE16AB756h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 450CA5 second address: 450CAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45153E second address: 451547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 451547 second address: 45154C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45154C second address: 45156A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE16AB768h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45156A second address: 45156E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45156E second address: 451572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45170A second address: 45171E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45171E second address: 451724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 451724 second address: 451728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 451728 second address: 45172E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 451894 second address: 451898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 451898 second address: 4518A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F7BE16AB75Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 4518A8 second address: 4518BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7BE0519222h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 4518BE second address: 4518D0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7BE16AB75Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 4518D0 second address: 4518DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7BE051921Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 4547EF second address: 4547F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 4547F3 second address: 45482E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jns 00007F7BE051921Ch 0x0000000f push 00000004h 0x00000011 or dword ptr [ebp+122D35C5h], eax 0x00000017 call 00007F7BE0519219h 0x0000001c jbe 00007F7BE051921Eh 0x00000022 jns 00007F7BE0519218h 0x00000028 pushad 0x00000029 popad 0x0000002a push eax 0x0000002b pushad 0x0000002c pushad 0x0000002d push eax 0x0000002e pop eax 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45482E second address: 45487E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnp 00007F7BE16AB756h 0x0000000c jmp 00007F7BE16AB75Ah 0x00000011 popad 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jmp 00007F7BE16AB765h 0x0000001c mov eax, dword ptr [eax] 0x0000001e jmp 00007F7BE16AB764h 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 45487E second address: 454890 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7BE051921Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 454B44 second address: 454B4D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 455DD3 second address: 455DD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 455DD7 second address: 455DDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 455DDD second address: 455DE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\613vKYuY2S.exe RDTSC instruction interceptor: First address: 455DE7 second address: 455DEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Special instruction interceptor: First address: 1B7F49 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\613vKYuY2S.exe Special instruction interceptor: First address: 1B7E15 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\613vKYuY2S.exe Special instruction interceptor: First address: 35D692 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\613vKYuY2S.exe Special instruction interceptor: First address: 3EF9A8 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\613vKYuY2S.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001B8045 rdtsc 1_2_001B8045
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\613vKYuY2S.exe TID: 5172 Thread sleep time: -90000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe TID: 964 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: 613vKYuY2S.exe, 613vKYuY2S.exe, 00000001.00000002.2243601000.000000000033E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 613vKYuY2S.exe, 00000001.00000003.2242209312.00000000012F7000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000002.2245273274.000000000133F000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2237924683.000000000133B000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2242099587.000000000133E000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000002.2244757262.00000000012F9000.00000004.00000020.00020000.00000000.sdmp, 613vKYuY2S.exe, 00000001.00000003.2238915485.000000000133B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 613vKYuY2S.exe, 00000001.00000002.2243601000.000000000033E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\613vKYuY2S.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\613vKYuY2S.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\613vKYuY2S.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\613vKYuY2S.exe File opened: NTICE
Source: C:\Users\user\Desktop\613vKYuY2S.exe File opened: SICE
Source: C:\Users\user\Desktop\613vKYuY2S.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\613vKYuY2S.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\613vKYuY2S.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001B8045 rdtsc 1_2_001B8045
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_0019C1F0 LdrInitializeThunk, 1_2_0019C1F0

HIPS / PFW / Operating System Protection Evasion
barindex
LummaC encrypted strings found
Source: 613vKYuY2S.exe String found in binary or memory: rapeflowwj.lat
Source: 613vKYuY2S.exe String found in binary or memory: crosshuaht.lat
Source: 613vKYuY2S.exe String found in binary or memory: sustainskelet.lat
Source: 613vKYuY2S.exe String found in binary or memory: aspecteirs.lat
Source: 613vKYuY2S.exe String found in binary or memory: energyaffai.lat
Source: 613vKYuY2S.exe String found in binary or memory: necklacebudi.lat
Source: 613vKYuY2S.exe String found in binary or memory: discokeyus.lat
Source: 613vKYuY2S.exe String found in binary or memory: grannyejh.lat
Source: 613vKYuY2S.exe String found in binary or memory: sweepyribs.lat
Source: 613vKYuY2S.exe, 613vKYuY2S.exe, 00000001.00000002.2243751283.0000000000384000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: .Program Manager
Source: C:\Users\user\Desktop\613vKYuY2S.exe Code function: 1_2_001B636D GetVersion, 1_2_001B636D
Source: C:\Users\user\Desktop\613vKYuY2S.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1579776 Sample: 613vKYuY2S.exe Startdate: 23/12/2024 Architecture: WINDOWS Score: 100 10 sweepyribs.lat 2->10 12 sustainskelet.lat 2->12 14 10 other IPs or domains 2->14 18 Suricata IDS alerts for network traffic 2->18 20 Found malware configuration 2->20 22 Antivirus / Scanner detection for submitted sample 2->22 24 8 other signatures 2->24 6 613vKYuY2S.exe 2->6         started        signatures3 process4 dnsIp5 16 steamcommunity.com 104.102.49.254, 443, 49720 AKAMAI-ASUS United States 6->16 26 Detected unpacking (changes PE section rights) 6->26 28 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->28 30 Tries to evade debugger and weak emulator (self modifying code) 6->30 32 4 other signatures 6->32 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.102.49.254
 steamcommunity.com United States
16625 AKAMAI-ASUS false

Contacted Domains

Name IP Active
steamcommunity.com 104.102.49.254 true
ax-0001.ax-msedge.net 150.171.28.10 true
sustainskelet.lat unknown unknown
crosshuaht.lat unknown unknown
rapeflowwj.lat unknown unknown
grannyejh.lat unknown unknown
aspecteirs.lat unknown unknown
sweepyribs.lat unknown unknown
discokeyus.lat unknown unknown
energyaffai.lat unknown unknown
necklacebudi.lat unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
necklacebudi.lat false
    		high
    aspecteirs.lat false
      		high
      sweepyribs.lat false
        		high
        sustainskelet.lat false
          		high
          crosshuaht.lat false
            		high
            rapeflowwj.lat false
              		high
              https://steamcommunity.com/profiles/76561199724331900 false
                		high
                energyaffai.lat false
                  		high
                  grannyejh.lat false
                    		high
                    discokeyus.lat false
                      		high