Windows Analysis Report
cqHMm0ykDG.exe

Overview

General Information

Sample name:	cqHMm0ykDG.exe renamed because original name is a hash value
Original sample name:	381279537c50d9cfcb8f30729500f279.exe
Analysis ID:	1580955
MD5:	381279537c50d9cfcb8f30729500f279
SHA1:	f62f1db11cdda24b84e491aaf8c3022290077c29
SHA256:	d81d29588d59cf2724fdd72138b75d36fae4561716972f25d44266640b7f0f52
Tags:	exeuser-abuse_ch
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: cqHMm0ykDG.exe

Avira: detected

Found malware configuration

Source: cqHMm0ykDG.exe.4836.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["rebuildeso.buzz", "scentniej.buzz", "screwamusresz.buzz", "inherineau.buzz", "mindhandru.buzz", "cashfuzysao.buzz", "hummskitnj.buzz", "appliacnesot.buzz", "prisonyfork.buzz"], "Build id": "PsFKDg--pablo"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: cqHMm0ykDG.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: PsFKDg--pablo

Uses 32bit PE files

Source: cqHMm0ykDG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.5:49704 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ebx	0_2_00628600
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00661720
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00628A50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C0E6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov esi, ecx	0_2_006490D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064E0DA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00661160
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov eax, dword ptr [00666130h]	0_2_00638169
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_0064B170
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0064D17D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0064D116
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006481CC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00656210
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00660340
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064D34A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063C300
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_006273D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_006273D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006483D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_0064C465
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C465
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0063747D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_0063747D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov eax, ebx	0_2_00647440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00647440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_0063B57D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00648528
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edi, ecx	0_2_0064A5B6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_006606F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00647740
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp eax	0_2_00649739
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp edx	0_2_006437D6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00629780
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0064C850
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00642830
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_0065C830
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then push esi	0_2_0062C805
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_0063B8F6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_0063B8F6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov eax, ebx	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006489E9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp edx	0_2_006439B9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_006439B9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0064B980
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_0065C990
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_0065CA40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FA20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00641A10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0064AAC0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0062AB40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FB10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_00638B1B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_0063EB80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0062CC7A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00634CA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FD70
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00660D20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_00646D2E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064DDFF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_0065EDC1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp edx	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064DE07
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FE00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00622EB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_00649E80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00636F52
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0064BF13
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00645F1B

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.11.101:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.21.11.101 104.21.11.101

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.11.101:443

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mindhandru.buzz

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: mindhandru.buzz

Source: unknown

Source: cqHMm0ykDG.exe, 00000000.00000003.2181536592.000000000141F000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001403000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182814366.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: cqHMm0ykDG.exe, 00000000.00000003.2181567778.0000000001403000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.0000000001403000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apill
Source: cqHMm0ykDG.exe, 00000000.00000003.2181338396.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182926802.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/d
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/pie
Source: cqHMm0ykDG.exe, 00000000.00000003.2181338396.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182926802.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/api

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: cqHMm0ykDG.exe	Static PE information: section name:
Source: cqHMm0ykDG.exe	Static PE information: section name: .idata
Source: cqHMm0ykDG.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00628600	0_2_00628600
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C606D	0_2_006C606D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C0063	0_2_006C0063
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BC070	0_2_006BC070
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070C06B	0_2_0070C06B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E5072	0_2_006E5072
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DC04C	0_2_006DC04C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D6047	0_2_006D6047
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DA042	0_2_006DA042
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FF051	0_2_006FF051
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062D021	0_2_0062D021
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EF032	0_2_006EF032
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063D003	0_2_0063D003
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B7001	0_2_006B7001
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FD004	0_2_006FD004
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C701C	0_2_006C701C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704000	0_2_00704000
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AB01E	0_2_006AB01E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C30EC	0_2_006C30EC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C0E6	0_2_0064C0E6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006360E9	0_2_006360E9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FC0FE	0_2_006FC0FE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006920F5	0_2_006920F5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CE0F1	0_2_006CE0F1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064A0CA	0_2_0064A0CA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C20DA	0_2_006C20DA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007020BF	0_2_007020BF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069D0B6	0_2_0069D0B6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE	0_2_007100AE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F208F	0_2_006F208F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D008E	0_2_006D008E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C09E	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00626160	0_2_00626160
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B7169	0_2_006B7169
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2168	0_2_006D2168
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00638169	0_2_00638169
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AD15A	0_2_006AD15A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ED158	0_2_006ED158
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C09E	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F8130	0_2_006F8130
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062B100	0_2_0062B100
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F011A	0_2_006F011A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A11FE	0_2_006A11FE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006481CC	0_2_006481CC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068F1C5	0_2_0068F1C5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FB1D8	0_2_006FB1D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069F1D0	0_2_0069F1D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EE1D1	0_2_006EE1D1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068A1A8	0_2_0068A1A8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070A1B3	0_2_0070A1B3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070B1B7	0_2_0070B1B7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006491AE	0_2_006491AE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B518A	0_2_006B518A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064E180	0_2_0064E180
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065F18B	0_2_0065F18B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BD19E	0_2_006BD19E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704189	0_2_00704189
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00700270	0_2_00700270
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068D26D	0_2_0068D26D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070727E	0_2_0070727E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00624270	0_2_00624270
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069624E	0_2_0069624E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C8245	0_2_006C8245
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069A25C	0_2_0069A25C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063E220	0_2_0063E220
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00631227	0_2_00631227
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AB225	0_2_006AB225
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CD23C	0_2_006CD23C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00703226	0_2_00703226
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00699235	0_2_00699235
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C5231	0_2_006C5231
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069120A	0_2_0069120A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069720F	0_2_0069720F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0071521A	0_2_0071521A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B421B	0_2_006B421B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069E215	0_2_0069E215
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FA2E5	0_2_006FA2E5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D52F2	0_2_007D52F2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F32F8	0_2_006F32F8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BF2C9	0_2_006BF2C9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006442D0	0_2_006442D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CC2D4	0_2_006CC2D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D22C6	0_2_007D22C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DB2AD	0_2_006DB2AD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006812AE	0_2_006812AE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068B2A2	0_2_0068B2A2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E92A2	0_2_006E92A2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00659280	0_2_00659280
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007E1295	0_2_007E1295
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D8280	0_2_006D8280
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069C29F	0_2_0069C29F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A8366	0_2_006A8366
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064F377	0_2_0064F377
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00706368	0_2_00706368
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E5377	0_2_006E5377
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A0370	0_2_006A0370
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C9376	0_2_006C9376
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00641340	0_2_00641340
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064D34A	0_2_0064D34A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AF359	0_2_006AF359
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E132D	0_2_006E132D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070D326	0_2_0070D326
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E3334	0_2_006E3334
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CA337	0_2_006CA337
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00687304	0_2_00687304
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00629310	0_2_00629310
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006863ED	0_2_006863ED
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AA3E2	0_2_006AA3E2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F23E0	0_2_006F23E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062F3C0	0_2_0062F3C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D33CB	0_2_006D33CB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F73C9	0_2_006F73C9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CB3C6	0_2_006CB3C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006273D0	0_2_006273D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006483D8	0_2_006483D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D93D3	0_2_006D93D3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FC3AD	0_2_006FC3AD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006963AC	0_2_006963AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FE3A8	0_2_006FE3A8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E63BC	0_2_006E63BC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006823B0	0_2_006823B0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A93B1	0_2_006A93B1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D438A	0_2_006D438A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00689385	0_2_00689385
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B9385	0_2_006B9385
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00683394	0_2_00683394
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A5396	0_2_006A5396
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00660460	0_2_00660460
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C747E	0_2_006C747E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FD47C	0_2_006FD47C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DA478	0_2_006DA478
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C2477	0_2_006C2477
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063747D	0_2_0063747D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00647440	0_2_00647440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065A440	0_2_0065A440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BB455	0_2_006BB455
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D043A	0_2_007D043A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00693427	0_2_00693427
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CF435	0_2_006CF435
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AC436	0_2_006AC436
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DF430	0_2_006DF430
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C6405	0_2_006C6405
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006424E0	0_2_006424E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062D4F3	0_2_0062D4F3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E24F9	0_2_006E24F9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006404C6	0_2_006404C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006874AB	0_2_006874AB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E84BD	0_2_006E84BD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B148B	0_2_006B148B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E748B	0_2_006E748B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E149A	0_2_006E149A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C449A	0_2_006C449A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069D492	0_2_0069D492
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00644560	0_2_00644560
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AE522	0_2_006AE522
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C53C	0_2_0064C53C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00700517	0_2_00700517
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068A510	0_2_0068A510
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A3513	0_2_006A3513
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CE510	0_2_006CE510
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ED5EF	0_2_006ED5EF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006265F0	0_2_006265F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B85F9	0_2_006B85F9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007055E9	0_2_007055E9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BE5F0	0_2_006BE5F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EA5DE	0_2_006EA5DE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065A5D4	0_2_0065A5D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068F5AC	0_2_0068F5AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065C5A0	0_2_0065C5A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006845A6	0_2_006845A6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069F5B5	0_2_0069F5B5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069C583	0_2_0069C583
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B0669	0_2_006B0669
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00683661	0_2_00683661
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2666	0_2_006D2666
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D167A	0_2_006D167A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070E668	0_2_0070E668
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AA676	0_2_006AA676
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EE64E	0_2_006EE64E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F1648	0_2_006F1648
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00658650	0_2_00658650
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AB62F	0_2_006AB62F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FB624	0_2_006FB624
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063E630	0_2_0063E630
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069A63E	0_2_0069A63E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C0630	0_2_006C0630
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FF60F	0_2_006FF60F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069760D	0_2_0069760D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CD608	0_2_006CD608
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062F60D	0_2_0062F60D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00709607	0_2_00709607
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063961B	0_2_0063961B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00691613	0_2_00691613
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E66E7	0_2_006E66E7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CA6F9	0_2_006CA6F9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006606F0	0_2_006606F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069B6FE	0_2_0069B6FE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CB6DD	0_2_006CB6DD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006446D0	0_2_006446D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007016CB	0_2_007016CB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D46D1	0_2_006D46D1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007116A0	0_2_007116A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006996BB	0_2_006996BB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A16BD	0_2_006A16BD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D66B6	0_2_006D66B6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E56B3	0_2_006E56B3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F968F	0_2_006F968F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062E687	0_2_0062E687
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EC680	0_2_006EC680
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BF69E	0_2_006BF69E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DC69A	0_2_006DC69A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D0691	0_2_006D0691
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070368D	0_2_0070368D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00709778	0_2_00709778
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00712767	0_2_00712767
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00647740	0_2_00647740
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0071575B	0_2_0071575B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00632750	0_2_00632750
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F472A	0_2_006F472A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068172F	0_2_0068172F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00698723	0_2_00698723
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068073B	0_2_0068073B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069473E	0_2_0069473E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FD736	0_2_006FD736
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00649739	0_2_00649739
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C1701	0_2_006C1701
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068B718	0_2_0068B718
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069D7EA	0_2_0069D7EA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007047EF	0_2_007047EF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006357C0	0_2_006357C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070D7D6	0_2_0070D7D6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006867CF	0_2_006867CF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AC7CD	0_2_006AC7CD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A37C6	0_2_006A37C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B67DA	0_2_006B67DA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069E7AD	0_2_0069E7AD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DF7BE	0_2_006DF7BE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00629780	0_2_00629780
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00682781	0_2_00682781
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A979E	0_2_006A979E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E7792	0_2_006E7792
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068F795	0_2_0068F795
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FE86D	0_2_006FE86D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F8866	0_2_006F8866
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C787C	0_2_006C787C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EB87E	0_2_006EB87E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F7871	0_2_006F7871
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062C840	0_2_0062C840
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E4840	0_2_006E4840
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069C857	0_2_0069C857
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D782F	0_2_006D782F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069282D	0_2_0069282D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068982E	0_2_0068982E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00693822	0_2_00693822
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BD83B	0_2_006BD83B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069683B	0_2_0069683B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A883F	0_2_006A883F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062D83C	0_2_0062D83C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B3809	0_2_006B3809
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E1800	0_2_006E1800
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FC81A	0_2_006FC81A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A6816	0_2_006A6816
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007DF802	0_2_007DF802
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006868EA	0_2_006868EA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007078F7	0_2_007078F7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D38F4	0_2_007D38F4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F18E0	0_2_006F18E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063B8F6	0_2_0063B8F6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006238C0	0_2_006238C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007108D9	0_2_007108D9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A78C4	0_2_006A78C4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006538D0	0_2_006538D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C68D4	0_2_006C68D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063C8A0	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E88A4	0_2_006E88A4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BB8B8	0_2_006BB8B8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006588B0	0_2_006588B0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CE8BA	0_2_006CE8BA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006848BF	0_2_006848BF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00706883	0_2_00706883
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DB892	0_2_006DB892
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063E960	0_2_0063E960
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C2966	0_2_006C2966
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068297C	0_2_0068297C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DD940	0_2_006DD940
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CD95D	0_2_006CD95D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B695F	0_2_006B695F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EE92B	0_2_006EE92B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0073493D	0_2_0073493D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00625900	0_2_00625900
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A4909	0_2_006A4909
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E290A	0_2_006E290A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00646910	0_2_00646910
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C59E8	0_2_006C59E8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006609E0	0_2_006609E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C9EB	0_2_0064C9EB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BA9F0	0_2_006BA9F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006929CB	0_2_006929CB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C39C0	0_2_006C39C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D69CC	0_2_007D69CC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007E39C0	0_2_007E39C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C49D3	0_2_006C49D3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D59AA	0_2_006D59AA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007009B7	0_2_007009B7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F29A0	0_2_006F29A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006439B9	0_2_006439B9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B798B	0_2_006B798B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00711997	0_2_00711997
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DF985	0_2_006DF985
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D8994	0_2_007D8994
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C899D	0_2_006C899D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E9992	0_2_006E9992
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E0A6E	0_2_006E0A6E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E3A6E	0_2_006E3A6E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00702A64	0_2_00702A64
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00714A52	0_2_00714A52
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065CA40	0_2_0065CA40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065DA4D	0_2_0065DA4D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00655A4F	0_2_00655A4F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00705A5A	0_2_00705A5A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F0A56	0_2_006F0A56
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F9A54	0_2_006F9A54
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FA20	0_2_0065FA20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00698A24	0_2_00698A24
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B8A00	0_2_006B8A00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00695A19	0_2_00695A19
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DAAE4	0_2_006DAAE4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D6AE3	0_2_006D6AE3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DEAF2	0_2_006DEAF2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068DAC7	0_2_0068DAC7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00639AD0	0_2_00639AD0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F4AD6	0_2_006F4AD6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068FAAD	0_2_0068FAAD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D8AAA	0_2_006D8AAA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A1ABB	0_2_006A1ABB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00648ABC	0_2_00648ABC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FDAB0	0_2_006FDAB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00659A80	0_2_00659A80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00687A85	0_2_00687A85
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F6A9B	0_2_006F6A9B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00688A9D	0_2_00688A9D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2B63	0_2_006D2B63
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062AB40	0_2_0062AB40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AEB45	0_2_006AEB45
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B2B53	0_2_006B2B53
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C0B28	0_2_006C0B28
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D7B3A	0_2_007D7B3A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00701B37	0_2_00701B37
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B5B23	0_2_006B5B23
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F3B38	0_2_006F3B38
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00693B30	0_2_00693B30
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E9B30	0_2_006E9B30
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00712B1A	0_2_00712B1A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FB10	0_2_0065FB10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00638B1B	0_2_00638B1B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DCBED	0_2_006DCBED
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FFBE8	0_2_006FFBE8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CFBFC	0_2_006CFBFC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00713BE5	0_2_00713BE5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E7BF9	0_2_006E7BF9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00710BEF	0_2_00710BEF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069BBCE	0_2_0069BBCE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AFBC0	0_2_006AFBC0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A8BD8	0_2_006A8BD8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00699BDC	0_2_00699BDC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CCBD5	0_2_006CCBD5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00685BD2	0_2_00685BD2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A5BD6	0_2_006A5BD6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070BBCF	0_2_0070BBCF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00624BA0	0_2_00624BA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AABA7	0_2_006AABA7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ACBB8	0_2_006ACBB8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E5BBA	0_2_006E5BBA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E3BB9	0_2_006E3BB9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063EB80	0_2_0063EB80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069AB8D	0_2_0069AB8D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704B8C	0_2_00704B8C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BBC6A	0_2_006BBC6A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007C8C77	0_2_007C8C77
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00684C65	0_2_00684C65
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00691C77	0_2_00691C77
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C6C5C	0_2_006C6C5C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A3C5B	0_2_006A3C5B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DBC5C	0_2_006DBC5C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068DC5E	0_2_0068DC5E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A9C50	0_2_006A9C50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D9C3C	0_2_006D9C3C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C7C3F	0_2_006C7C3F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007DDC24	0_2_007DDC24
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CDC36	0_2_006CDC36
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00694C35	0_2_00694C35
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A6C02	0_2_006A6C02
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D3C06	0_2_006D3C06
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BFC05	0_2_006BFC05
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00653C10	0_2_00653C10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EEC13	0_2_006EEC13
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00651CF0	0_2_00651CF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007C7CEB	0_2_007C7CEB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BCCF2	0_2_006BCCF2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00854C19	0_2_00854C19
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D4CD6	0_2_006D4CD6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00712CB3	0_2_00712CB3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00634CA0	0_2_00634CA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F1CBE	0_2_006F1CBE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069ECB2	0_2_0069ECB2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00708C93	0_2_00708C93
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A7C8D	0_2_006A7C8D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069CC9E	0_2_0069CC9E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00706C87	0_2_00706C87
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BDC96	0_2_006BDC96
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EFC90	0_2_006EFC90
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00709D70	0_2_00709D70
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F8D65	0_2_006F8D65
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FD70	0_2_0065FD70
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E1D71	0_2_006E1D71
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064CD4C	0_2_0064CD4C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00690D59	0_2_00690D59
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070AD48	0_2_0070AD48
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064CD5E	0_2_0064CD5E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00660D20	0_2_00660D20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00631D2B	0_2_00631D2B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00646D2E	0_2_00646D2E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D5D3C	0_2_006D5D3C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00659D30	0_2_00659D30
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A0D3F	0_2_006A0D3F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F3D3A	0_2_006F3D3A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00641D00	0_2_00641D00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00707D15	0_2_00707D15
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D1D04	0_2_006D1D04
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00705DFA	0_2_00705DFA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AEDE6	0_2_006AEDE6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065CDF0	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00625DC0	0_2_00625DC0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068EDC2	0_2_0068EDC2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068CDD0	0_2_0068CDD0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E8DA8	0_2_006E8DA8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00689DA0	0_2_00689DA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00657DA9	0_2_00657DA9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068ADA5	0_2_0068ADA5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B0DA4	0_2_006B0DA4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D8DB8	0_2_006D8DB8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CADB0	0_2_006CADB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064EE63	0_2_0064EE63
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F5E68	0_2_006F5E68
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00640E6C	0_2_00640E6C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00642E6D	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F2E63	0_2_006F2E63
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064FE74	0_2_0064FE74
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0073CE50	0_2_0073CE50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00702E5A	0_2_00702E5A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00680E47	0_2_00680E47
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EAE2A	0_2_006EAE2A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FBE20	0_2_006FBE20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00711E27	0_2_00711E27
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FE00	0_2_0065FE00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00695E13	0_2_00695E13
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E9EEA	0_2_006E9EEA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B2EF2	0_2_006B2EF2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FFEC1	0_2_006FFEC1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ABED2	0_2_006ABED2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E0ED6	0_2_006E0ED6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00658EA0	0_2_00658EA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D6EAA	0_2_006D6EAA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00622EB0	0_2_00622EB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063AEB0	0_2_0063AEB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EBEB5	0_2_006EBEB5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D6E9C	0_2_007D6E9C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A4E99	0_2_006A4E99
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DEF66	0_2_006DEF66
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C3F7A	0_2_006C3F7A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070DF6B	0_2_0070DF6B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069FF76	0_2_0069FF76
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704F40	0_2_00704F40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00636F52	0_2_00636F52
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063DF50	0_2_0063DF50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070FF43	0_2_0070FF43
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E6F58	0_2_006E6F58
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B5F51	0_2_006B5F51
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B8F2C	0_2_006B8F2C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2F33	0_2_006D2F33
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A6F09	0_2_006A6F09
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00682F0D	0_2_00682F0D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00692F0E	0_2_00692F0E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C9F02	0_2_006C9F02
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A8F11	0_2_006A8F11
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00645F1B	0_2_00645F1B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A1FEE	0_2_006A1FEE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A4FEE	0_2_006A4FEE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C7FE8	0_2_006C7FE8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00684FEE	0_2_00684FEE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FDFE7	0_2_006FDFE7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00710FFB	0_2_00710FFB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DFFE6	0_2_006DFFE6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00685FCB	0_2_00685FCB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00716FDC	0_2_00716FDC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D0FDE	0_2_006D0FDE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E7FD4	0_2_006E7FD4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070EFB1	0_2_0070EFB1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069BFBF	0_2_0069BFBF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D3FB1	0_2_006D3FB1

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: String function: 00627F60 appears 40 times
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: String function: 00634C90 appears 77 times

Uses 32bit PE files

Source: cqHMm0ykDG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: cqHMm0ykDG.exe	Static PE information: Section: ZLIB complexity 0.9996297998366013
Source: cqHMm0ykDG.exe	Static PE information: Section: xocmleeq ZLIB complexity 0.9946934735757121

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_00652070 CoCreateInstance,

0_2_00652070

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: cqHMm0ykDG.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

File read: C:\Users\user\Desktop\cqHMm0ykDG.exe

Jump to behavior

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: cqHMm0ykDG.exe

Static file information: File size 1879552 > 1048576

Source: cqHMm0ykDG.exe

Static PE information: Raw size of xocmleeq is bigger than: 0x100000 < 0x1a0e00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Unpacked PE file: 0.2.cqHMm0ykDG.exe.620000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xocmleeq:EW;fptgzdnx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xocmleeq:EW;fptgzdnx:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: cqHMm0ykDG.exe

Static PE information: real checksum: 0x1d7665 should be: 0x1d0c85

PE file contains sections with non-standard names

Source: cqHMm0ykDG.exe	Static PE information: section name:
Source: cqHMm0ykDG.exe	Static PE information: section name: .idata
Source: cqHMm0ykDG.exe	Static PE information: section name:
Source: cqHMm0ykDG.exe	Static PE information: section name: xocmleeq
Source: cqHMm0ykDG.exe	Static PE information: section name: fptgzdnx
Source: cqHMm0ykDG.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067927A push 2F5B4E91h; mov dword ptr [esp], ecx	0_2_00679401
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00657069 push es; retf	0_2_00657074
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00865090 push 237A8B0Ch; mov dword ptr [esp], ebx	0_2_00865103
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067C047 push 617CDF89h; mov dword ptr [esp], edx	0_2_0067CEEA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ebx; mov dword ptr [esp], 6A31849Eh	0_2_007220A2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ebx; mov dword ptr [esp], eax	0_2_0072215A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push 5E44C4FBh; mov dword ptr [esp], edi	0_2_00722162
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ebx; mov dword ptr [esp], esi	0_2_007221A1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ecx; mov dword ptr [esp], edi	0_2_007221DF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_008750B4 push 20EF1EC6h; mov dword ptr [esp], esp	0_2_008750D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067E05D push 70812741h; mov dword ptr [esp], ebp	0_2_0067E068
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00680052 push 46564348h; mov dword ptr [esp], ebp	0_2_00680069
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_008810C2 push 0C774463h; mov dword ptr [esp], eax	0_2_008810F8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00678012 push 5C8D06ABh; mov dword ptr [esp], edi	0_2_0067858C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006790ED push edx; mov dword ptr [esp], edi	0_2_0067910A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067D0FB push esi; mov dword ptr [esp], edx	0_2_0067D102
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067D0FB push ebx; mov dword ptr [esp], 00000004h	0_2_0067D109
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006780C1 push 48C64C30h; mov dword ptr [esp], eax	0_2_006780C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006780C1 push 72BCB330h; mov dword ptr [esp], ecx	0_2_006786CA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067E0CE push eax; mov dword ptr [esp], edx	0_2_006802D7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006770BE push edx; mov dword ptr [esp], 620D5D1Bh	0_2_0067736D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push ecx; mov dword ptr [esp], 7918F981h	0_2_00710543
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push 16429D12h; mov dword ptr [esp], eax	0_2_00710555
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push ecx; mov dword ptr [esp], ebx	0_2_00710573
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push edx; mov dword ptr [esp], edi	0_2_00710646
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push ebx; mov dword ptr [esp], 6BA5BD87h	0_2_0071068F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push 524DE377h; mov dword ptr [esp], edx	0_2_007106AB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push edx; mov dword ptr [esp], 6372ACF8h	0_2_007106C5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push 5C7AD162h; mov dword ptr [esp], esi	0_2_007107CF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push edi; mov dword ptr [esp], eax	0_2_007107DE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00679140 push 3EE45061h; mov dword ptr [esp], eax	0_2_00679154

Source: cqHMm0ykDG.exe	Static PE information: section name: entropy: 7.985885888746699
Source: cqHMm0ykDG.exe	Static PE information: section name: xocmleeq entropy: 7.952773735279353

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 67901E second address: 679025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 679025 second address: 678945 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCF4D0CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c je 00007F8BDCF4D0CBh 0x00000012 sbb di, 0F95h 0x00000017 jp 00007F8BDCF4D0C8h 0x0000001d popad 0x0000001e push dword ptr [ebp+122D14F1h] 0x00000024 cmc 0x00000025 pushad 0x00000026 and ecx, dword ptr [ebp+122D2AADh] 0x0000002c mov dword ptr [ebp+122D1DA5h], ebx 0x00000032 popad 0x00000033 call dword ptr [ebp+122D2D12h] 0x00000039 pushad 0x0000003a je 00007F8BDCF4D0CCh 0x00000040 xor eax, eax 0x00000042 mov dword ptr [ebp+122D2643h], eax 0x00000048 mov edx, dword ptr [esp+28h] 0x0000004c cmc 0x0000004d mov dword ptr [ebp+122D28ADh], eax 0x00000053 cld 0x00000054 sub dword ptr [ebp+122D2643h], ecx 0x0000005a mov esi, 0000003Ch 0x0000005f jns 00007F8BDCF4D0C7h 0x00000065 cmc 0x00000066 add esi, dword ptr [esp+24h] 0x0000006a mov dword ptr [ebp+122D2643h], esi 0x00000070 lodsw 0x00000072 add dword ptr [ebp+122D2643h], edi 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c jmp 00007F8BDCF4D0D1h 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 jmp 00007F8BDCF4D0D8h 0x0000008a push eax 0x0000008b jbe 00007F8BDCF4D0D0h 0x00000091 pushad 0x00000092 push esi 0x00000093 pop esi 0x00000094 push eax 0x00000095 push edx 0x00000096 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EC298 second address: 7EC2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007F8BDCCD3336h 0x0000000e jnl 00007F8BDCCD3336h 0x00000014 popad 0x00000015 jmp 00007F8BDCCD333Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EC2BB second address: 7EC2BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EC2BF second address: 7EC2C9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8BDCCD3336h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7E4348 second address: 7E4353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7E4353 second address: 7E4357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB317 second address: 7EB31B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB31B second address: 7EB33D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCCD3344h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jc 00007F8BDCCD3336h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB59E second address: 7EB5B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F8BDCF4D0C8h 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB6F1 second address: 7EB71D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCCD3348h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BDCCD333Eh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB71D second address: 7EB721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EBB74 second address: 7EBB99 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8BDCCD3346h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EBB99 second address: 7EBB9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED431 second address: 7ED437 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED437 second address: 678945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 078C1CA8h 0x00000011 jnl 00007F8BDCB7BDB8h 0x00000017 mov ch, 65h 0x00000019 push dword ptr [ebp+122D14F1h] 0x0000001f xor esi, dword ptr [ebp+122D2991h] 0x00000025 call dword ptr [ebp+122D2D12h] 0x0000002b pushad 0x0000002c je 00007F8BDCB7BDBCh 0x00000032 sub dword ptr [ebp+122D2643h], esi 0x00000038 xor eax, eax 0x0000003a mov dword ptr [ebp+122D2643h], eax 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 cmc 0x00000045 mov dword ptr [ebp+122D28ADh], eax 0x0000004b cld 0x0000004c sub dword ptr [ebp+122D2643h], ecx 0x00000052 mov esi, 0000003Ch 0x00000057 jns 00007F8BDCB7BDB7h 0x0000005d cmc 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 mov dword ptr [ebp+122D2643h], esi 0x00000068 lodsw 0x0000006a add dword ptr [ebp+122D2643h], edi 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 jmp 00007F8BDCB7BDC1h 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d jmp 00007F8BDCB7BDC8h 0x00000082 push eax 0x00000083 jbe 00007F8BDCB7BDC0h 0x00000089 pushad 0x0000008a push esi 0x0000008b pop esi 0x0000008c push eax 0x0000008d push edx 0x0000008e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED4EA second address: 7ED53F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e ja 00007F8BDCE9EA90h 0x00000014 mov eax, dword ptr [eax] 0x00000016 pushad 0x00000017 ja 00007F8BDCE9EA88h 0x0000001d push ecx 0x0000001e jmp 00007F8BDCE9EA8Dh 0x00000023 pop ecx 0x00000024 popad 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F8BDCE9EA96h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED53F second address: 7ED58F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8BDCB7BDC9h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jmp 00007F8BDCB7BDC2h 0x00000011 push 00000003h 0x00000013 mov ecx, dword ptr [ebp+122D18EFh] 0x00000019 push 00000000h 0x0000001b mov dl, bl 0x0000001d push 00000003h 0x0000001f cld 0x00000020 push EE164B11h 0x00000025 push eax 0x00000026 push edx 0x00000027 jc 00007F8BDCB7BDB8h 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED669 second address: 7ED6BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 movzx edi, cx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F8BDCE9EA88h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 and ecx, 5E865D2Ch 0x0000002e push 4B5A0C5Bh 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F8BDCE9EA97h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED6BA second address: 7ED761 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BDCB7BDC4h 0x00000008 jne 00007F8BDCB7BDB6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xor dword ptr [esp], 4B5A0CDBh 0x00000018 mov dword ptr [ebp+122D2DD9h], ebx 0x0000001e push 00000003h 0x00000020 cmc 0x00000021 push 00000000h 0x00000023 mov cx, DB00h 0x00000027 push 00000003h 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007F8BDCB7BDB8h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 mov si, F18Ah 0x00000047 sub ecx, dword ptr [ebp+122D2CA1h] 0x0000004d call 00007F8BDCB7BDB9h 0x00000052 jmp 00007F8BDCB7BDC6h 0x00000057 push eax 0x00000058 push ecx 0x00000059 pushad 0x0000005a jno 00007F8BDCB7BDB6h 0x00000060 js 00007F8BDCB7BDB6h 0x00000066 popad 0x00000067 pop ecx 0x00000068 mov eax, dword ptr [esp+04h] 0x0000006c pushad 0x0000006d jbe 00007F8BDCB7BDBCh 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED761 second address: 7ED7E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b pushad 0x0000000c jnc 00007F8BDCE9EA86h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jo 00007F8BDCE9EA86h 0x0000001e popad 0x0000001f popad 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push esi 0x00000025 jne 00007F8BDCE9EA8Ch 0x0000002b pop esi 0x0000002c pop eax 0x0000002d jmp 00007F8BDCE9EA95h 0x00000032 lea ebx, dword ptr [ebp+1244839Fh] 0x00000038 jmp 00007F8BDCE9EA99h 0x0000003d xchg eax, ebx 0x0000003e jne 00007F8BDCE9EA90h 0x00000044 push eax 0x00000045 push ebx 0x00000046 jnl 00007F8BDCE9EA8Ch 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED865 second address: 7ED8A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F8BDCB7BDB6h 0x00000009 jmp 00007F8BDCB7BDC6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push edx 0x00000014 jmp 00007F8BDCB7BDC9h 0x00000019 pop edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED8A7 second address: 7ED8AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED967 second address: 7ED99C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB7BDC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8BDCB7BDC9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80E8B2 second address: 80E8B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80E8B6 second address: 80E8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F8BDCB7BDB8h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80E8C4 second address: 80E8CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80EA80 second address: 80EA8D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80ED64 second address: 80ED68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80ED68 second address: 80ED6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80EEE6 second address: 80EEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F074 second address: 80F08B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB7BDC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F21F second address: 80F223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F223 second address: 80F227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F227 second address: 80F237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jc 00007F8BDCE9EA8Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F504 second address: 80F514 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BDCB7BDB6h 0x00000008 jo 00007F8BDCB7BDB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F514 second address: 80F54F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9EA96h 0x00000007 jmp 00007F8BDCE9EA8Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jo 00007F8BDCE9EA88h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push edi 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a jbe 00007F8BDCE9EA86h 0x00000020 pop edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F54F second address: 80F553 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 805FEB second address: 805FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F67A second address: 80F68B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jnl 00007F8BDCB7BDB6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F68B second address: 80F69C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCE9EA8Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F69C second address: 80F6BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB7BDC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F8BDCB7BDB6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FC9E second address: 80FCAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8BDCE9EA86h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FCAA second address: 80FCAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FDD2 second address: 80FDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FDD6 second address: 80FDFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F8BDCB7BDBFh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FDFC second address: 80FE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE00 second address: 80FE04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE04 second address: 80FE24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE9EA94h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE24 second address: 80FE28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE28 second address: 80FE2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE2E second address: 80FE40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB7BDBCh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE40 second address: 80FE44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FF8B second address: 80FFA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8BDCB7BDC1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FFA6 second address: 80FFAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FFAC second address: 80FFB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 810391 second address: 8103A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8BDCE9EA86h 0x0000000a pop esi 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8103A4 second address: 8103A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8119A2 second address: 8119A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8129FB second address: 8129FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8129FF second address: 812A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A08 second address: 812A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A0E second address: 812A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F8BDCE9EA91h 0x0000000e jmp 00007F8BDCE9EA8Bh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A2A second address: 812A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB7BDC0h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jo 00007F8BDCB7BDBCh 0x00000017 jbe 00007F8BDCB7BDB6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A52 second address: 812A65 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCE9EA88h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A65 second address: 812A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D49E second address: 81D4A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D4A2 second address: 81D4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB7BDBAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81C83E second address: 81C862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BDCE9EA90h 0x00000008 jmp 00007F8BDCE9EA8Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CB61 second address: 81CB67 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CB67 second address: 81CB6C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CB6C second address: 81CBA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 ja 00007F8BDCB7BDBAh 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F8BDCB7BDD1h 0x00000019 jne 00007F8BDCB7BDB6h 0x0000001f jmp 00007F8BDCB7BDC5h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CD14 second address: 81CD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8BDCE9EA86h 0x0000000a jng 00007F8BDCE9EA86h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D16F second address: 81D173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D173 second address: 81D1A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F8BDCE9EA86h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F8BDCE9EA88h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007F8BDCE9EA98h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D1A8 second address: 81D1C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8BDCB7BDC6h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8202B4 second address: 8202BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820909 second address: 82093F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jne 00007F8BDCB7BDC7h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 jg 00007F8BDCB7BDBCh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82093F second address: 8209AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jp 00007F8BDCE9EA9Bh 0x00000011 push eax 0x00000012 jmp 00007F8BDCE9EA93h 0x00000017 pop eax 0x00000018 pop eax 0x00000019 mov edi, dword ptr [ebp+122D2D0Dh] 0x0000001f call 00007F8BDCE9EA89h 0x00000024 pushad 0x00000025 jmp 00007F8BDCE9EA98h 0x0000002a push edi 0x0000002b jnp 00007F8BDCE9EA86h 0x00000031 pop edi 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 jmp 00007F8BDCE9EA91h 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209AE second address: 8209B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209B3 second address: 8209D8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BDCE9EA88h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 jnc 00007F8BDCE9EA8Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 jnc 00007F8BDCE9EA86h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209D8 second address: 8209E6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209E6 second address: 8209F3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BDCE9EA86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820CFF second address: 820D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820F26 second address: 820F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCE9EA90h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820F3A second address: 820F52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F8BDCB7BDBAh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820FF5 second address: 82101B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8BDCE9EA92h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 jng 00007F8BDCE9EA86h 0x00000016 pop ecx 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821149 second address: 821153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8BDCB7BDB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821153 second address: 821166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F8BDCE9EA88h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821655 second address: 821659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82175A second address: 82175F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8218F2 second address: 8218F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8219E4 second address: 8219EE instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8BDCE9EA86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821AA1 second address: 821AA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821AA7 second address: 821AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821B6C second address: 821B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821B70 second address: 821B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 822C0D second address: 822C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 823CE1 second address: 823CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8233DA second address: 8233E0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 823CE5 second address: 823D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F8BDCB84978h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov dword ptr [ebp+124522B9h], ecx 0x0000002c or dword ptr [ebp+122D2770h], ecx 0x00000032 mov edi, esi 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007F8BDCB84978h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 00000019h 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 adc di, 0F87h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8BDCB8497Ah 0x0000005f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 823D59 second address: 823D5F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 825211 second address: 825225 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84980h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 825042 second address: 82504F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 825CB3 second address: 825CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8273F6 second address: 8273FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82A0CC second address: 82A0D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82A0D0 second address: 82A0D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82A5AB second address: 82A5B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8BDCB84976h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82C5C4 second address: 82C5C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82C5C8 second address: 82C636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F8BDCB84976h 0x0000000d jnc 00007F8BDCB84976h 0x00000013 popad 0x00000014 popad 0x00000015 nop 0x00000016 mov bx, si 0x00000019 cmc 0x0000001a push 00000000h 0x0000001c mov edi, dword ptr [ebp+122D2B2Dh] 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007F8BDCB84978h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e sub dword ptr [ebp+12445B29h], eax 0x00000044 jmp 00007F8BDCB8497Fh 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F8BDCB8497Fh 0x00000051 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82D5B9 second address: 82D5C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8BDCE92686h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82D5C3 second address: 82D5C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82658D second address: 826597 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82F3EC second address: 82F3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82F3F9 second address: 82F3FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83042F second address: 830435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 830435 second address: 83045C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F8BDCE92698h 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push esi 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 827CA8 second address: 827CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 827CAF second address: 827CB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835C07 second address: 835C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836BB7 second address: 836BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836BBC second address: 836C33 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, 32F1E512h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F8BDCB84978h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c pushad 0x0000002d call 00007F8BDCB84988h 0x00000032 call 00007F8BDCB84980h 0x00000037 pop esi 0x00000038 pop eax 0x00000039 mov esi, 5BD154BFh 0x0000003e popad 0x0000003f mov ebx, eax 0x00000041 push 00000000h 0x00000043 stc 0x00000044 xchg eax, esi 0x00000045 je 00007F8BDCB84988h 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836C33 second address: 836C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836C37 second address: 836C3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 837B67 second address: 837B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82F6BA second address: 82F6C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 833CF4 second address: 833D96 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8BDCE92696h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ebx, 5751DA69h 0x00000013 sub bl, FFFFFF9Ch 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov ebx, esi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 sbb edi, 50296C36h 0x0000002c mov eax, dword ptr [ebp+122D00EDh] 0x00000032 mov edi, dword ptr [ebp+122D1A0Ah] 0x00000038 push FFFFFFFFh 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d call 00007F8BDCE92688h 0x00000042 pop ecx 0x00000043 mov dword ptr [esp+04h], ecx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc ecx 0x00000050 push ecx 0x00000051 ret 0x00000052 pop ecx 0x00000053 ret 0x00000054 push edx 0x00000055 jnc 00007F8BDCE92693h 0x0000005b pop ebx 0x0000005c push ecx 0x0000005d mov edi, dword ptr [ebp+122D2899h] 0x00000063 pop ebx 0x00000064 nop 0x00000065 pushad 0x00000066 jg 00007F8BDCE92688h 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F8BDCE9268Eh 0x00000073 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 833D96 second address: 833DAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8BDCB8497Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 831784 second address: 83178A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835D38 second address: 835D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB84981h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835D4E second address: 835D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835D54 second address: 835D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 837D30 second address: 837D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 838C53 second address: 838C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84983h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 839CC7 second address: 839CD7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 839CD7 second address: 839CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 839CDF second address: 839CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83ABDC second address: 83ABE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83ABE0 second address: 83AC17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92697h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8BDCE92691h 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 jp 00007F8BDCE9268Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83AC17 second address: 83AC23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007F8BDCB84976h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843F23 second address: 843F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843F29 second address: 843F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F8BDCB84983h 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843F45 second address: 843F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BDCE92698h 0x0000000e jp 00007F8BDCE92686h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7E5E1C second address: 7E5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843643 second address: 843657 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BDCE92686h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jno 00007F8BDCE92686h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8437A6 second address: 8437AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843951 second address: 843955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843955 second address: 843959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843959 second address: 84395F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843AD6 second address: 843AF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8BDCB8497Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843AF7 second address: 843AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843AFD second address: 843B0F instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCB84976h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843B0F second address: 843B13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848D0C second address: 848D19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848F3A second address: 848F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848F3E second address: 848F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8BDCB8497Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F8BDCB84976h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848F5E second address: 848F64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84D49E second address: 84D4A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8BDCB84976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84D4A8 second address: 84D4B7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8BDCE92686h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84D4B7 second address: 84D4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD6D second address: 84DD86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92695h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD86 second address: 84DD8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD8C second address: 84DD9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD9F second address: 84DDA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E093 second address: 84E099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E099 second address: 84E09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E09D second address: 84E0B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92697h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E263 second address: 84E268 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E268 second address: 84E290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92691h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F8BDCE926B6h 0x00000012 jo 00007F8BDCE9268Eh 0x00000018 push edx 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E290 second address: 84E299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8546E8 second address: 8546EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7DD648 second address: 7DD64C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7DD64C second address: 7DD663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92691h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853243 second address: 85325C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB84983h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85351D second address: 853522 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8537F7 second address: 853800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853800 second address: 85381A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007F8BDCE9268Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85381A second address: 85381E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853D51 second address: 853D60 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8BDCE9268Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853ED1 second address: 853ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853ED6 second address: 853EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853EDC second address: 853EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853EE0 second address: 853EE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853EE4 second address: 853F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F8BDCB84981h 0x00000012 jng 00007F8BDCB84976h 0x00000018 popad 0x00000019 jng 00007F8BDCB8497Eh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853F17 second address: 853F1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853F1D second address: 853F21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8540AB second address: 8540C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BDCE9268Ah 0x0000000d jnp 00007F8BDCE9268Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8540C5 second address: 8540C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8540C9 second address: 8540CE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85B169 second address: 85B1B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84981h 0x00000007 jmp 00007F8BDCB84980h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F8BDCB8497Eh 0x00000013 push ecx 0x00000014 jmp 00007F8BDCB84982h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85B1B1 second address: 85B1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 ja 00007F8BDCE926AAh 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F8BDCE92686h 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E30A second address: 81E30E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E30E second address: 81E314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E314 second address: 81E330 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB84988h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E330 second address: 81E334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E334 second address: 81E346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a jnl 00007F8BDCB8497Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E346 second address: 81E3A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007F8BDCE92693h 0x0000000e mov eax, dword ptr [eax] 0x00000010 push ebx 0x00000011 push edi 0x00000012 jmp 00007F8BDCE9268Ch 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d jmp 00007F8BDCE92695h 0x00000022 pop eax 0x00000023 mov dword ptr [ebp+122D2650h], ecx 0x00000029 push FC3B7626h 0x0000002e push edi 0x0000002f jc 00007F8BDCE9268Ch 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E7E9 second address: 81E814 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8BDCB8497Ch 0x00000008 jbe 00007F8BDCB84976h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov ecx, dword ptr [ebp+12452376h] 0x00000017 push 00000004h 0x00000019 jns 00007F8BDCB8497Ch 0x0000001f nop 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E814 second address: 81E81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E81A second address: 81E81F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EB1F second address: 81EB24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EB24 second address: 81EB57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F8BDCB84986h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov dword ptr [ebp+124466D2h], esi 0x00000014 push 0000001Eh 0x00000016 cld 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jbe 00007F8BDCB84976h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EB57 second address: 81EB61 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EF5D second address: 81EF63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EF63 second address: 81EF69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EF69 second address: 81EFEF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jne 00007F8BDCB84984h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F8BDCB84978h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D2643h], ecx 0x00000030 lea eax, dword ptr [ebp+12478A09h] 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007F8BDCB84978h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jnl 00007F8BDCB8498Ah 0x00000059 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EFEF second address: 806BCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92690h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edx, dword ptr [ebp+122D264Ah] 0x00000012 sbb cx, 130Eh 0x00000017 call dword ptr [ebp+122D1C6Bh] 0x0000001d jmp 00007F8BDCE92694h 0x00000022 push eax 0x00000023 push edx 0x00000024 jp 00007F8BDCE9268Eh 0x0000002a pushad 0x0000002b popad 0x0000002c jc 00007F8BDCE92686h 0x00000032 push ecx 0x00000033 pushad 0x00000034 popad 0x00000035 pop ecx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BBA7 second address: 85BBBB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BDCB8497Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BBBB second address: 85BBC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BBC1 second address: 85BBC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCCD second address: 85BCD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCD2 second address: 85BCDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F8BDCB84976h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCDF second address: 85BCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F8BDCE9268Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCF8 second address: 85BD0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Ah 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BE53 second address: 85BE73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92698h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 864FE4 second address: 864FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 864FE9 second address: 864FFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 864FFA second address: 865000 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 865416 second address: 86541B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86589C second address: 8658AB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8BDCB84976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8658AB second address: 8658B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86988F second address: 869893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869893 second address: 8698B4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F8BDCE92697h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8698B4 second address: 8698F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007F8BDCB84976h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007F8BDCB84988h 0x00000015 popad 0x00000016 jo 00007F8BDCB84978h 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F8BDCB8497Eh 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869A4C second address: 869A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F8BDCE9268Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8BDCE9268Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869A6F second address: 869A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869BC7 second address: 869BCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C4E9 second address: 86C4EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C071 second address: 86C075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C075 second address: 86C08A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C08A second address: 86C09A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 jnp 00007F8BDCE926A2h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C09A second address: 86C09E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86FBC0 second address: 86FBC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86FBC8 second address: 86FBCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86FBCE second address: 86FBD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87515D second address: 875173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8BDCB84981h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 875173 second address: 87519F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92696h 0x00000007 pushad 0x00000008 jmp 00007F8BDCE9268Dh 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8755A6 second address: 8755AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8755AA second address: 8755AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87A3A4 second address: 87A3AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87A3AA second address: 87A3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87A3AE second address: 87A3BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push ebx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879C8B second address: 879C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879C8F second address: 879C93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879C93 second address: 879CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F8BDCE92686h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879E34 second address: 879E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879F46 second address: 879F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88286B second address: 882872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CA1 second address: 880CA7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CA7 second address: 880CAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CAF second address: 880CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CB3 second address: 880CB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CB7 second address: 880CC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8811ED second address: 8811F3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8811F3 second address: 8811FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8811FB second address: 881205 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BDCB84976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8814EA second address: 8814EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8814EE second address: 8814F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8817CA second address: 8817E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92694h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8817E2 second address: 881804 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8BDCB84976h 0x00000008 jg 00007F8BDCB84976h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8BDCB84980h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E93F second address: 81E943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A52 second address: 881A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A58 second address: 881A5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A5C second address: 881A60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A60 second address: 881A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE9268Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A72 second address: 881AB4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jg 00007F8BDCB84976h 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 je 00007F8BDCB84976h 0x00000018 ja 00007F8BDCB84976h 0x0000001e popad 0x0000001f jmp 00007F8BDCB84989h 0x00000024 push eax 0x00000025 push edx 0x00000026 jo 00007F8BDCB84976h 0x0000002c push eax 0x0000002d pop eax 0x0000002e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88771F second address: 887723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 887723 second address: 88772F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88772F second address: 88773E instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886B4D second address: 886B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8BDCB84976h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886E24 second address: 886E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886E29 second address: 886E4C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8BDCB84984h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnc 00007F8BDCB84976h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886E4C second address: 886E53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886FBE second address: 886FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886FC2 second address: 886FC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8872F8 second address: 8872FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8872FD second address: 887334 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Fh 0x00000007 push eax 0x00000008 jmp 00007F8BDCE92693h 0x0000000d jmp 00007F8BDCE9268Bh 0x00000012 pop eax 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88C347 second address: 88C350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88F59C second address: 88F5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE9268Dh 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7D69C3 second address: 7D69E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F8BDCB84988h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895AFB second address: 895AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895D82 second address: 895D86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895D86 second address: 895D90 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895EC2 second address: 895ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jng 00007F8BDCB8497Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8961C0 second address: 8961C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8961C6 second address: 8961D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F8BDCB84976h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8961D6 second address: 8961F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92697h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 896499 second address: 8964A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8964A0 second address: 8964B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F8BDCE92686h 0x00000009 pop ebx 0x0000000a jg 00007F8BDCE9268Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 896E6F second address: 896E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 896E75 second address: 896E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8BDCE92686h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 899C37 second address: 899C4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 ja 00007F8BDCB84976h 0x0000000c jp 00007F8BDCB84976h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 89CA2F second address: 89CA41 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F8BDCE9268Bh 0x00000008 pop edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 89CA41 second address: 89CA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A156C second address: 8A1570 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A169F second address: 8A16B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8BDCB8497Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A182B second address: 8A1863 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92691h 0x00000007 jmp 00007F8BDCE92694h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F8BDCE9268Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A1863 second address: 8A187E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB84987h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A187E second address: 8A1882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A1882 second address: 8A18A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F8BDCB84986h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A18A5 second address: 8A18FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92693h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8BDCE9268Eh 0x00000010 push esi 0x00000011 jmp 00007F8BDCE92696h 0x00000016 jmp 00007F8BDCE92694h 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A18FC second address: 8A1906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8BDCB84976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A879D second address: 8A87C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8BDCE92686h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F8BDCE92695h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8ADC8D second address: 8ADCE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84984h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F8BDCB8497Eh 0x00000011 ja 00007F8BDCB84976h 0x00000017 pushad 0x00000018 popad 0x00000019 push ecx 0x0000001a pushad 0x0000001b popad 0x0000001c pop ecx 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jl 00007F8BDCB8497Eh 0x00000026 push ecx 0x00000027 pop ecx 0x00000028 jnp 00007F8BDCB84976h 0x0000002e pushad 0x0000002f pushad 0x00000030 popad 0x00000031 pushad 0x00000032 popad 0x00000033 jmp 00007F8BDCB84985h 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8ADCE5 second address: 8ADCF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F8BDCE92686h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0A1E second address: 8B0A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0A22 second address: 8B0A28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B075D second address: 8B0761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0761 second address: 8B0771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F8BDCE92686h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0771 second address: 8B0775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5B58 second address: 8B5B91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F8BDCE92686h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8BDCE92697h 0x00000011 jl 00007F8BDCE9268Ah 0x00000017 pushad 0x00000018 popad 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pushad 0x00000020 popad 0x00000021 pop eax 0x00000022 push esi 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5B91 second address: 8B5B96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5B96 second address: 8B5BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCE92696h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5579 second address: 8B5581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B571D second address: 8B5723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8BCED2 second address: 8BCEED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Bh 0x00000007 jne 00007F8BDCB84976h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8C749D second address: 8C74B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92698h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8CB7DA second address: 8CB7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F8BDCB84976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8CB7E9 second address: 8CB7ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8CB7ED second address: 8CB807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F8BDCB84981h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D1873 second address: 8D187D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D187D second address: 8D1881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D0669 second address: 8D066E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D1593 second address: 8D15B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F8BDCB84976h 0x00000011 jmp 00007F8BDCB8497Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D15B3 second address: 8D15B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D52A0 second address: 8D52A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D52A4 second address: 8D52A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E41 second address: 8D4E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB84988h 0x00000009 jnc 00007F8BDCB84976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E63 second address: 8D4E7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F8BDCE92686h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E7C second address: 8D4E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E80 second address: 8D4E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8F18A6 second address: 8F18AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 906B7E second address: 906B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92697h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 906B99 second address: 906BA8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8BDCB84976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 907117 second address: 90711D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074CD second address: 9074D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074D3 second address: 9074D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074D8 second address: 9074E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8BDCB84976h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074E4 second address: 907501 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F8BDCE92694h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 907501 second address: 907507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 90A690 second address: 90A69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F8BDCE92686h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8236BA second address: 8236BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Special instruction interceptor: First address: 67899A instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_0067C694 rdtsc

0_2_0067C694

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe TID: 4308	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe TID: 616	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: cqHMm0ykDG.exe, cqHMm0ykDG.exe, 00000000.00000002.2182216230.00000000007F4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: cqHMm0ykDG.exe, 00000000.00000002.2182873624.0000000001399000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001399000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: cqHMm0ykDG.exe, 00000000.00000002.2182216230.00000000007F4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: NTICE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: SICE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Process queried: DebugPort	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_0067C694 rdtsc

0_2_0067C694

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_0065E110 LdrInitializeThunk,

0_2_0065E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: cqHMm0ykDG.exe	String found in binary or memory: hummskitnj.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: cashfuzysao.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: appliacnesot.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: screwamusresz.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: inherineau.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: scentniej.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: rebuildeso.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: prisonyfork.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: mindhandru.buzz

Source: cqHMm0ykDG.exe, cqHMm0ykDG.exe, 00000000.00000002.2182216230.00000000007F4000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: xProgram Manager

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.11.101	mindhandru.buzz	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
mindhandru.buzz	104.21.11.101	true

Contacted URLs

Name	Malicious	Reputation
scentniej.buzz	false	high
prisonyfork.buzz	false	high
rebuildeso.buzz	false	high
hummskitnj.buzz	false	high
appliacnesot.buzz	false	high
screwamusresz.buzz	false	high
mindhandru.buzz	false	high
cashfuzysao.buzz	false	high
inherineau.buzz	false	high
https://mindhandru.buzz/api	false	high

AV Detection

Antivirus / Scanner detection for submitted sample

Source: cqHMm0ykDG.exe

Avira: detected

Found malware configuration

Source: cqHMm0ykDG.exe.4836.0.memstrmin

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: cqHMm0ykDG.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: hummskitnj.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: cashfuzysao.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: appliacnesot.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: screwamusresz.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: inherineau.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: scentniej.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: rebuildeso.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: prisonyfork.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: mindhandru.buzz
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000003.2139502755.0000000005130000.00000004.00001000.00020000.00000000.sdmp	String decryptor: PsFKDg--pablo

Uses 32bit PE files

Source: cqHMm0ykDG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.5:49704 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ebx	0_2_00628600
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_00661720
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then lea esi, dword ptr [eax+00000270h]	0_2_00628A50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C0E6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov esi, ecx	0_2_006490D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064E0DA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-16h]	0_2_00661160
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov eax, dword ptr [00666130h]	0_2_00638169
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	0_2_0064B170
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0064D17D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0064D116
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006481CC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00656210
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h	0_2_00660340
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064D34A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063C300
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	0_2_006273D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	0_2_006273D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006483D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [eax+edi-74D5A7FEh]	0_2_0064C465
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064C465
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0063747D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [edx], di	0_2_0063747D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov eax, ebx	0_2_00647440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+09AD4080h]	0_2_00647440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+61765397h]	0_2_0063B57D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00648528
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edi, ecx	0_2_0064A5B6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-16h]	0_2_006606F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+20h]	0_2_00647740
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp eax	0_2_00649739
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp edx	0_2_006437D6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov dword ptr [esp+20h], eax	0_2_00629780
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0064C850
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00642830
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+04h]	0_2_0065C830
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then push esi	0_2_0062C805
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_0063B8F6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_0063B8F6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov eax, ebx	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-000000BEh]	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edx+0Ah]	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-2E3D7ACEh]	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0063D8AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_006489E9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp edx	0_2_006439B9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_006439B9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0064B980
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 385488F2h	0_2_0065C990
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [ecx+ebx*8], 385488F2h	0_2_0065CA40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FA20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00641A10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_0064AAC0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0Ah]	0_2_0062AB40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FB10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_00638B1B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6E2DD57Fh]	0_2_0063EB80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edi, dword ptr [esi+30h]	0_2_0062CC7A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	0_2_00634CA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FD70
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-16h]	0_2_00660D20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_00646D2E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-3ECB279Fh]	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 7F7BECC6h	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064DDFF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+eax-46h]	0_2_0065EDC1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then jmp edx	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx ecx, byte ptr [edx+eax]	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0064DE07
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then dec edx	0_2_0065FE00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then movzx eax, byte ptr [ebp+edi+00000090h]	0_2_00622EB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edx, ecx	0_2_00649E80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00636F52
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov ecx, eax	0_2_0064BF13
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 4x nop then mov edi, dword ptr [esp+28h]	0_2_00645F1B

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.11.101:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: rebuildeso.buzz
Source: Malware configuration extractor	URLs: scentniej.buzz
Source: Malware configuration extractor	URLs: screwamusresz.buzz
Source: Malware configuration extractor	URLs: inherineau.buzz
Source: Malware configuration extractor	URLs: mindhandru.buzz
Source: Malware configuration extractor	URLs: cashfuzysao.buzz
Source: Malware configuration extractor	URLs: hummskitnj.buzz
Source: Malware configuration extractor	URLs: appliacnesot.buzz
Source: Malware configuration extractor	URLs: prisonyfork.buzz

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.21.11.101 104.21.11.101

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.11.101:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.11.101:443

Uses a known web browser user agent for HTTP communication

Source: global traffic

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: mindhandru.buzz

Source: unknown

Source: cqHMm0ykDG.exe, 00000000.00000003.2181536592.000000000141F000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/
Source: cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001403000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182814366.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/api
Source: cqHMm0ykDG.exe, 00000000.00000003.2181567778.0000000001403000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.0000000001403000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001403000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/apill
Source: cqHMm0ykDG.exe, 00000000.00000003.2181338396.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182926802.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/d
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz/pie
Source: cqHMm0ykDG.exe, 00000000.00000003.2181338396.00000000013B3000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182926802.00000000013B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mindhandru.buzz:443/api

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 104.21.11.101:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: cqHMm0ykDG.exe	Static PE information: section name:
Source: cqHMm0ykDG.exe	Static PE information: section name: .idata
Source: cqHMm0ykDG.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00628600	0_2_00628600
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C606D	0_2_006C606D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C0063	0_2_006C0063
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BC070	0_2_006BC070
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070C06B	0_2_0070C06B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E5072	0_2_006E5072
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DC04C	0_2_006DC04C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D6047	0_2_006D6047
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DA042	0_2_006DA042
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FF051	0_2_006FF051
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062D021	0_2_0062D021
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EF032	0_2_006EF032
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063D003	0_2_0063D003
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B7001	0_2_006B7001
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FD004	0_2_006FD004
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C701C	0_2_006C701C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704000	0_2_00704000
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AB01E	0_2_006AB01E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C30EC	0_2_006C30EC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C0E6	0_2_0064C0E6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006360E9	0_2_006360E9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FC0FE	0_2_006FC0FE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006920F5	0_2_006920F5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CE0F1	0_2_006CE0F1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064A0CA	0_2_0064A0CA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C20DA	0_2_006C20DA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007020BF	0_2_007020BF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069D0B6	0_2_0069D0B6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE	0_2_007100AE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F208F	0_2_006F208F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D008E	0_2_006D008E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C09E	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00626160	0_2_00626160
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B7169	0_2_006B7169
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2168	0_2_006D2168
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00638169	0_2_00638169
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AD15A	0_2_006AD15A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ED158	0_2_006ED158
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C09E	0_2_0064C09E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F8130	0_2_006F8130
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062B100	0_2_0062B100
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F011A	0_2_006F011A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A11FE	0_2_006A11FE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006481CC	0_2_006481CC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068F1C5	0_2_0068F1C5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FB1D8	0_2_006FB1D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069F1D0	0_2_0069F1D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EE1D1	0_2_006EE1D1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068A1A8	0_2_0068A1A8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070A1B3	0_2_0070A1B3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070B1B7	0_2_0070B1B7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006491AE	0_2_006491AE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B518A	0_2_006B518A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064E180	0_2_0064E180
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065F18B	0_2_0065F18B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BD19E	0_2_006BD19E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704189	0_2_00704189
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00700270	0_2_00700270
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068D26D	0_2_0068D26D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070727E	0_2_0070727E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00624270	0_2_00624270
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069624E	0_2_0069624E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C8245	0_2_006C8245
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069A25C	0_2_0069A25C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063E220	0_2_0063E220
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00631227	0_2_00631227
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AB225	0_2_006AB225
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CD23C	0_2_006CD23C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00703226	0_2_00703226
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00699235	0_2_00699235
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C5231	0_2_006C5231
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069120A	0_2_0069120A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069720F	0_2_0069720F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0071521A	0_2_0071521A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B421B	0_2_006B421B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069E215	0_2_0069E215
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FA2E5	0_2_006FA2E5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D52F2	0_2_007D52F2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F32F8	0_2_006F32F8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BF2C9	0_2_006BF2C9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006442D0	0_2_006442D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CC2D4	0_2_006CC2D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D22C6	0_2_007D22C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DB2AD	0_2_006DB2AD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006812AE	0_2_006812AE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068B2A2	0_2_0068B2A2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E92A2	0_2_006E92A2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00659280	0_2_00659280
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007E1295	0_2_007E1295
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D8280	0_2_006D8280
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069C29F	0_2_0069C29F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A8366	0_2_006A8366
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064F377	0_2_0064F377
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00706368	0_2_00706368
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E5377	0_2_006E5377
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A0370	0_2_006A0370
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C9376	0_2_006C9376
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00641340	0_2_00641340
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064D34A	0_2_0064D34A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AF359	0_2_006AF359
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E132D	0_2_006E132D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070D326	0_2_0070D326
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E3334	0_2_006E3334
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CA337	0_2_006CA337
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00687304	0_2_00687304
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00629310	0_2_00629310
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006863ED	0_2_006863ED
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AA3E2	0_2_006AA3E2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F23E0	0_2_006F23E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062F3C0	0_2_0062F3C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D33CB	0_2_006D33CB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F73C9	0_2_006F73C9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CB3C6	0_2_006CB3C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006273D0	0_2_006273D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006483D8	0_2_006483D8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D93D3	0_2_006D93D3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FC3AD	0_2_006FC3AD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006963AC	0_2_006963AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FE3A8	0_2_006FE3A8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E63BC	0_2_006E63BC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006823B0	0_2_006823B0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A93B1	0_2_006A93B1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D438A	0_2_006D438A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00689385	0_2_00689385
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B9385	0_2_006B9385
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00683394	0_2_00683394
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A5396	0_2_006A5396
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00660460	0_2_00660460
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C747E	0_2_006C747E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FD47C	0_2_006FD47C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DA478	0_2_006DA478
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C2477	0_2_006C2477
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063747D	0_2_0063747D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00647440	0_2_00647440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065A440	0_2_0065A440
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BB455	0_2_006BB455
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D043A	0_2_007D043A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00693427	0_2_00693427
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CF435	0_2_006CF435
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AC436	0_2_006AC436
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DF430	0_2_006DF430
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C6405	0_2_006C6405
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006424E0	0_2_006424E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062D4F3	0_2_0062D4F3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E24F9	0_2_006E24F9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006404C6	0_2_006404C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006874AB	0_2_006874AB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E84BD	0_2_006E84BD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B148B	0_2_006B148B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E748B	0_2_006E748B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E149A	0_2_006E149A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C449A	0_2_006C449A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069D492	0_2_0069D492
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00644560	0_2_00644560
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AE522	0_2_006AE522
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C53C	0_2_0064C53C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00700517	0_2_00700517
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068A510	0_2_0068A510
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A3513	0_2_006A3513
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CE510	0_2_006CE510
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ED5EF	0_2_006ED5EF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006265F0	0_2_006265F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B85F9	0_2_006B85F9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007055E9	0_2_007055E9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BE5F0	0_2_006BE5F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EA5DE	0_2_006EA5DE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065A5D4	0_2_0065A5D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068F5AC	0_2_0068F5AC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065C5A0	0_2_0065C5A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006845A6	0_2_006845A6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069F5B5	0_2_0069F5B5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069C583	0_2_0069C583
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B0669	0_2_006B0669
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00683661	0_2_00683661
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2666	0_2_006D2666
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D167A	0_2_006D167A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070E668	0_2_0070E668
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AA676	0_2_006AA676
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EE64E	0_2_006EE64E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F1648	0_2_006F1648
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00658650	0_2_00658650
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AB62F	0_2_006AB62F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FB624	0_2_006FB624
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063E630	0_2_0063E630
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069A63E	0_2_0069A63E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C0630	0_2_006C0630
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FF60F	0_2_006FF60F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069760D	0_2_0069760D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CD608	0_2_006CD608
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062F60D	0_2_0062F60D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00709607	0_2_00709607
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063961B	0_2_0063961B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00691613	0_2_00691613
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E66E7	0_2_006E66E7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CA6F9	0_2_006CA6F9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006606F0	0_2_006606F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069B6FE	0_2_0069B6FE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CB6DD	0_2_006CB6DD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006446D0	0_2_006446D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007016CB	0_2_007016CB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D46D1	0_2_006D46D1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007116A0	0_2_007116A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006996BB	0_2_006996BB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A16BD	0_2_006A16BD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D66B6	0_2_006D66B6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E56B3	0_2_006E56B3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F968F	0_2_006F968F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062E687	0_2_0062E687
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EC680	0_2_006EC680
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BF69E	0_2_006BF69E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DC69A	0_2_006DC69A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D0691	0_2_006D0691
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070368D	0_2_0070368D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00709778	0_2_00709778
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00712767	0_2_00712767
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00647740	0_2_00647740
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0071575B	0_2_0071575B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00632750	0_2_00632750
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F472A	0_2_006F472A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068172F	0_2_0068172F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00698723	0_2_00698723
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068073B	0_2_0068073B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069473E	0_2_0069473E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FD736	0_2_006FD736
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00649739	0_2_00649739
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C1701	0_2_006C1701
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068B718	0_2_0068B718
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069D7EA	0_2_0069D7EA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007047EF	0_2_007047EF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006357C0	0_2_006357C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070D7D6	0_2_0070D7D6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006867CF	0_2_006867CF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AC7CD	0_2_006AC7CD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A37C6	0_2_006A37C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B67DA	0_2_006B67DA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069E7AD	0_2_0069E7AD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DF7BE	0_2_006DF7BE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00629780	0_2_00629780
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00682781	0_2_00682781
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A979E	0_2_006A979E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E7792	0_2_006E7792
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068F795	0_2_0068F795
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FE86D	0_2_006FE86D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F8866	0_2_006F8866
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C787C	0_2_006C787C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EB87E	0_2_006EB87E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F7871	0_2_006F7871
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062C840	0_2_0062C840
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E4840	0_2_006E4840
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069C857	0_2_0069C857
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D782F	0_2_006D782F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069282D	0_2_0069282D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068982E	0_2_0068982E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00693822	0_2_00693822
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BD83B	0_2_006BD83B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069683B	0_2_0069683B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A883F	0_2_006A883F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062D83C	0_2_0062D83C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B3809	0_2_006B3809
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E1800	0_2_006E1800
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FC81A	0_2_006FC81A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A6816	0_2_006A6816
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007DF802	0_2_007DF802
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006868EA	0_2_006868EA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007078F7	0_2_007078F7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D38F4	0_2_007D38F4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F18E0	0_2_006F18E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063B8F6	0_2_0063B8F6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006238C0	0_2_006238C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007108D9	0_2_007108D9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A78C4	0_2_006A78C4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006538D0	0_2_006538D0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C68D4	0_2_006C68D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063C8A0	0_2_0063C8A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E88A4	0_2_006E88A4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BB8B8	0_2_006BB8B8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006588B0	0_2_006588B0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CE8BA	0_2_006CE8BA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006848BF	0_2_006848BF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00706883	0_2_00706883
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DB892	0_2_006DB892
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063E960	0_2_0063E960
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C2966	0_2_006C2966
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068297C	0_2_0068297C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DD940	0_2_006DD940
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CD95D	0_2_006CD95D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B695F	0_2_006B695F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EE92B	0_2_006EE92B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0073493D	0_2_0073493D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00625900	0_2_00625900
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A4909	0_2_006A4909
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E290A	0_2_006E290A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00646910	0_2_00646910
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C59E8	0_2_006C59E8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006609E0	0_2_006609E0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064C9EB	0_2_0064C9EB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BA9F0	0_2_006BA9F0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006929CB	0_2_006929CB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C39C0	0_2_006C39C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D69CC	0_2_007D69CC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007E39C0	0_2_007E39C0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C49D3	0_2_006C49D3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D59AA	0_2_006D59AA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007009B7	0_2_007009B7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F29A0	0_2_006F29A0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006439B9	0_2_006439B9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B798B	0_2_006B798B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00711997	0_2_00711997
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DF985	0_2_006DF985
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D8994	0_2_007D8994
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C899D	0_2_006C899D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E9992	0_2_006E9992
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E0A6E	0_2_006E0A6E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E3A6E	0_2_006E3A6E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00702A64	0_2_00702A64
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00714A52	0_2_00714A52
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065CA40	0_2_0065CA40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065DA4D	0_2_0065DA4D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00655A4F	0_2_00655A4F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00705A5A	0_2_00705A5A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F0A56	0_2_006F0A56
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F9A54	0_2_006F9A54
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FA20	0_2_0065FA20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00698A24	0_2_00698A24
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B8A00	0_2_006B8A00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00695A19	0_2_00695A19
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DAAE4	0_2_006DAAE4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D6AE3	0_2_006D6AE3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DEAF2	0_2_006DEAF2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068DAC7	0_2_0068DAC7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00639AD0	0_2_00639AD0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F4AD6	0_2_006F4AD6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068FAAD	0_2_0068FAAD
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D8AAA	0_2_006D8AAA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A1ABB	0_2_006A1ABB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00648ABC	0_2_00648ABC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FDAB0	0_2_006FDAB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00659A80	0_2_00659A80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00687A85	0_2_00687A85
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F6A9B	0_2_006F6A9B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00688A9D	0_2_00688A9D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2B63	0_2_006D2B63
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0062AB40	0_2_0062AB40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AEB45	0_2_006AEB45
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B2B53	0_2_006B2B53
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C0B28	0_2_006C0B28
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D7B3A	0_2_007D7B3A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00701B37	0_2_00701B37
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B5B23	0_2_006B5B23
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F3B38	0_2_006F3B38
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00693B30	0_2_00693B30
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E9B30	0_2_006E9B30
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00712B1A	0_2_00712B1A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FB10	0_2_0065FB10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00638B1B	0_2_00638B1B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DCBED	0_2_006DCBED
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FFBE8	0_2_006FFBE8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CFBFC	0_2_006CFBFC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00713BE5	0_2_00713BE5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E7BF9	0_2_006E7BF9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00710BEF	0_2_00710BEF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069BBCE	0_2_0069BBCE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AFBC0	0_2_006AFBC0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A8BD8	0_2_006A8BD8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00699BDC	0_2_00699BDC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CCBD5	0_2_006CCBD5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00685BD2	0_2_00685BD2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A5BD6	0_2_006A5BD6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070BBCF	0_2_0070BBCF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00624BA0	0_2_00624BA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AABA7	0_2_006AABA7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ACBB8	0_2_006ACBB8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E5BBA	0_2_006E5BBA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E3BB9	0_2_006E3BB9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063EB80	0_2_0063EB80
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069AB8D	0_2_0069AB8D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704B8C	0_2_00704B8C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BBC6A	0_2_006BBC6A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007C8C77	0_2_007C8C77
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00684C65	0_2_00684C65
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00691C77	0_2_00691C77
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C6C5C	0_2_006C6C5C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A3C5B	0_2_006A3C5B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DBC5C	0_2_006DBC5C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068DC5E	0_2_0068DC5E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A9C50	0_2_006A9C50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D9C3C	0_2_006D9C3C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C7C3F	0_2_006C7C3F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007DDC24	0_2_007DDC24
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CDC36	0_2_006CDC36
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00694C35	0_2_00694C35
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A6C02	0_2_006A6C02
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D3C06	0_2_006D3C06
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BFC05	0_2_006BFC05
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00653C10	0_2_00653C10
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EEC13	0_2_006EEC13
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00651CF0	0_2_00651CF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007C7CEB	0_2_007C7CEB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BCCF2	0_2_006BCCF2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00854C19	0_2_00854C19
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D4CD6	0_2_006D4CD6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00712CB3	0_2_00712CB3
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00634CA0	0_2_00634CA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F1CBE	0_2_006F1CBE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069ECB2	0_2_0069ECB2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00708C93	0_2_00708C93
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A7C8D	0_2_006A7C8D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069CC9E	0_2_0069CC9E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00706C87	0_2_00706C87
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006BDC96	0_2_006BDC96
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EFC90	0_2_006EFC90
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00709D70	0_2_00709D70
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F8D65	0_2_006F8D65
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FD70	0_2_0065FD70
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E1D71	0_2_006E1D71
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064CD4C	0_2_0064CD4C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00690D59	0_2_00690D59
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070AD48	0_2_0070AD48
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064CD5E	0_2_0064CD5E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00660D20	0_2_00660D20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00631D2B	0_2_00631D2B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00646D2E	0_2_00646D2E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D5D3C	0_2_006D5D3C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00659D30	0_2_00659D30
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A0D3F	0_2_006A0D3F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F3D3A	0_2_006F3D3A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00641D00	0_2_00641D00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00707D15	0_2_00707D15
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D1D04	0_2_006D1D04
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00705DFA	0_2_00705DFA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006AEDE6	0_2_006AEDE6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065CDF0	0_2_0065CDF0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00625DC0	0_2_00625DC0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068EDC2	0_2_0068EDC2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068CDD0	0_2_0068CDD0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E8DA8	0_2_006E8DA8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00689DA0	0_2_00689DA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00657DA9	0_2_00657DA9
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0068ADA5	0_2_0068ADA5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B0DA4	0_2_006B0DA4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D8DB8	0_2_006D8DB8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006CADB0	0_2_006CADB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064EE63	0_2_0064EE63
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F5E68	0_2_006F5E68
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00640E6C	0_2_00640E6C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00642E6D	0_2_00642E6D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006F2E63	0_2_006F2E63
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0064FE74	0_2_0064FE74
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0073CE50	0_2_0073CE50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00702E5A	0_2_00702E5A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00680E47	0_2_00680E47
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EAE2A	0_2_006EAE2A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FBE20	0_2_006FBE20
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00711E27	0_2_00711E27
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0065FE00	0_2_0065FE00
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00695E13	0_2_00695E13
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E9EEA	0_2_006E9EEA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B2EF2	0_2_006B2EF2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FFEC1	0_2_006FFEC1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006ABED2	0_2_006ABED2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E0ED6	0_2_006E0ED6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00658EA0	0_2_00658EA0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D6EAA	0_2_006D6EAA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00622EB0	0_2_00622EB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063AEB0	0_2_0063AEB0
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006EBEB5	0_2_006EBEB5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007D6E9C	0_2_007D6E9C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A4E99	0_2_006A4E99
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DEF66	0_2_006DEF66
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C3F7A	0_2_006C3F7A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070DF6B	0_2_0070DF6B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069FF76	0_2_0069FF76
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00704F40	0_2_00704F40
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00636F52	0_2_00636F52
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0063DF50	0_2_0063DF50
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070FF43	0_2_0070FF43
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E6F58	0_2_006E6F58
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B5F51	0_2_006B5F51
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006B8F2C	0_2_006B8F2C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D2F33	0_2_006D2F33
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A6F09	0_2_006A6F09
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00682F0D	0_2_00682F0D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00692F0E	0_2_00692F0E
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C9F02	0_2_006C9F02
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A8F11	0_2_006A8F11
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00645F1B	0_2_00645F1B
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A1FEE	0_2_006A1FEE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006A4FEE	0_2_006A4FEE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006C7FE8	0_2_006C7FE8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00684FEE	0_2_00684FEE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006FDFE7	0_2_006FDFE7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00710FFB	0_2_00710FFB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006DFFE6	0_2_006DFFE6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00685FCB	0_2_00685FCB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00716FDC	0_2_00716FDC
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D0FDE	0_2_006D0FDE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006E7FD4	0_2_006E7FD4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0070EFB1	0_2_0070EFB1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0069BFBF	0_2_0069BFBF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006D3FB1	0_2_006D3FB1

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: String function: 00627F60 appears 40 times
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: String function: 00634C90 appears 77 times

Uses 32bit PE files

Source: cqHMm0ykDG.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: cqHMm0ykDG.exe	Static PE information: Section: ZLIB complexity 0.9996297998366013
Source: cqHMm0ykDG.exe	Static PE information: Section: xocmleeq ZLIB complexity 0.9946934735757121

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_00652070 CoCreateInstance,

0_2_00652070

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: cqHMm0ykDG.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

File read: C:\Users\user\Desktop\cqHMm0ykDG.exe

Jump to behavior

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: cqHMm0ykDG.exe

Static file information: File size 1879552 > 1048576

Source: cqHMm0ykDG.exe

Static PE information: Raw size of xocmleeq is bigger than: 0x100000 < 0x1a0e00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Unpacked PE file: 0.2.cqHMm0ykDG.exe.620000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xocmleeq:EW;fptgzdnx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xocmleeq:EW;fptgzdnx:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: cqHMm0ykDG.exe

Static PE information: real checksum: 0x1d7665 should be: 0x1d0c85

PE file contains sections with non-standard names

Source: cqHMm0ykDG.exe	Static PE information: section name:
Source: cqHMm0ykDG.exe	Static PE information: section name: .idata
Source: cqHMm0ykDG.exe	Static PE information: section name:
Source: cqHMm0ykDG.exe	Static PE information: section name: xocmleeq
Source: cqHMm0ykDG.exe	Static PE information: section name: fptgzdnx
Source: cqHMm0ykDG.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067927A push 2F5B4E91h; mov dword ptr [esp], ecx	0_2_00679401
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00657069 push es; retf	0_2_00657074
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00865090 push 237A8B0Ch; mov dword ptr [esp], ebx	0_2_00865103
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067C047 push 617CDF89h; mov dword ptr [esp], edx	0_2_0067CEEA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ebx; mov dword ptr [esp], 6A31849Eh	0_2_007220A2
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ebx; mov dword ptr [esp], eax	0_2_0072215A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push 5E44C4FBh; mov dword ptr [esp], edi	0_2_00722162
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ebx; mov dword ptr [esp], esi	0_2_007221A1
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00722041 push ecx; mov dword ptr [esp], edi	0_2_007221DF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_008750B4 push 20EF1EC6h; mov dword ptr [esp], esp	0_2_008750D4
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067E05D push 70812741h; mov dword ptr [esp], ebp	0_2_0067E068
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00680052 push 46564348h; mov dword ptr [esp], ebp	0_2_00680069
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_008810C2 push 0C774463h; mov dword ptr [esp], eax	0_2_008810F8
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00678012 push 5C8D06ABh; mov dword ptr [esp], edi	0_2_0067858C
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006790ED push edx; mov dword ptr [esp], edi	0_2_0067910A
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067D0FB push esi; mov dword ptr [esp], edx	0_2_0067D102
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067D0FB push ebx; mov dword ptr [esp], 00000004h	0_2_0067D109
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006780C1 push 48C64C30h; mov dword ptr [esp], eax	0_2_006780C6
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006780C1 push 72BCB330h; mov dword ptr [esp], ecx	0_2_006786CA
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_0067E0CE push eax; mov dword ptr [esp], edx	0_2_006802D7
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_006770BE push edx; mov dword ptr [esp], 620D5D1Bh	0_2_0067736D
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push ecx; mov dword ptr [esp], 7918F981h	0_2_00710543
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push 16429D12h; mov dword ptr [esp], eax	0_2_00710555
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push ecx; mov dword ptr [esp], ebx	0_2_00710573
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push edx; mov dword ptr [esp], edi	0_2_00710646
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push ebx; mov dword ptr [esp], 6BA5BD87h	0_2_0071068F
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push 524DE377h; mov dword ptr [esp], edx	0_2_007106AB
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push edx; mov dword ptr [esp], 6372ACF8h	0_2_007106C5
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push 5C7AD162h; mov dword ptr [esp], esi	0_2_007107CF
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_007100AE push edi; mov dword ptr [esp], eax	0_2_007107DE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Code function: 0_2_00679140 push 3EE45061h; mov dword ptr [esp], eax	0_2_00679154

Source: cqHMm0ykDG.exe	Static PE information: section name: entropy: 7.985885888746699
Source: cqHMm0ykDG.exe	Static PE information: section name: xocmleeq entropy: 7.952773735279353

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Window searched: window name: Regmonclass	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 67901E second address: 679025 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 679025 second address: 678945 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCF4D0CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c je 00007F8BDCF4D0CBh 0x00000012 sbb di, 0F95h 0x00000017 jp 00007F8BDCF4D0C8h 0x0000001d popad 0x0000001e push dword ptr [ebp+122D14F1h] 0x00000024 cmc 0x00000025 pushad 0x00000026 and ecx, dword ptr [ebp+122D2AADh] 0x0000002c mov dword ptr [ebp+122D1DA5h], ebx 0x00000032 popad 0x00000033 call dword ptr [ebp+122D2D12h] 0x00000039 pushad 0x0000003a je 00007F8BDCF4D0CCh 0x00000040 xor eax, eax 0x00000042 mov dword ptr [ebp+122D2643h], eax 0x00000048 mov edx, dword ptr [esp+28h] 0x0000004c cmc 0x0000004d mov dword ptr [ebp+122D28ADh], eax 0x00000053 cld 0x00000054 sub dword ptr [ebp+122D2643h], ecx 0x0000005a mov esi, 0000003Ch 0x0000005f jns 00007F8BDCF4D0C7h 0x00000065 cmc 0x00000066 add esi, dword ptr [esp+24h] 0x0000006a mov dword ptr [ebp+122D2643h], esi 0x00000070 lodsw 0x00000072 add dword ptr [ebp+122D2643h], edi 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c jmp 00007F8BDCF4D0D1h 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 jmp 00007F8BDCF4D0D8h 0x0000008a push eax 0x0000008b jbe 00007F8BDCF4D0D0h 0x00000091 pushad 0x00000092 push esi 0x00000093 pop esi 0x00000094 push eax 0x00000095 push edx 0x00000096 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EC298 second address: 7EC2BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jnp 00007F8BDCCD3336h 0x0000000e jnl 00007F8BDCCD3336h 0x00000014 popad 0x00000015 jmp 00007F8BDCCD333Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EC2BB second address: 7EC2BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EC2BF second address: 7EC2C9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8BDCCD3336h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7E4348 second address: 7E4353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7E4353 second address: 7E4357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB317 second address: 7EB31B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB31B second address: 7EB33D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCCD3344h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jc 00007F8BDCCD3336h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB59E second address: 7EB5B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F8BDCF4D0C8h 0x0000000c pop eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB6F1 second address: 7EB71D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCCD3348h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BDCCD333Eh 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EB71D second address: 7EB721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EBB74 second address: 7EBB99 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8BDCCD3346h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7EBB99 second address: 7EBB9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED431 second address: 7ED437 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED437 second address: 678945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 078C1CA8h 0x00000011 jnl 00007F8BDCB7BDB8h 0x00000017 mov ch, 65h 0x00000019 push dword ptr [ebp+122D14F1h] 0x0000001f xor esi, dword ptr [ebp+122D2991h] 0x00000025 call dword ptr [ebp+122D2D12h] 0x0000002b pushad 0x0000002c je 00007F8BDCB7BDBCh 0x00000032 sub dword ptr [ebp+122D2643h], esi 0x00000038 xor eax, eax 0x0000003a mov dword ptr [ebp+122D2643h], eax 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 cmc 0x00000045 mov dword ptr [ebp+122D28ADh], eax 0x0000004b cld 0x0000004c sub dword ptr [ebp+122D2643h], ecx 0x00000052 mov esi, 0000003Ch 0x00000057 jns 00007F8BDCB7BDB7h 0x0000005d cmc 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 mov dword ptr [ebp+122D2643h], esi 0x00000068 lodsw 0x0000006a add dword ptr [ebp+122D2643h], edi 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 jmp 00007F8BDCB7BDC1h 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d jmp 00007F8BDCB7BDC8h 0x00000082 push eax 0x00000083 jbe 00007F8BDCB7BDC0h 0x00000089 pushad 0x0000008a push esi 0x0000008b pop esi 0x0000008c push eax 0x0000008d push edx 0x0000008e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED4EA second address: 7ED53F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e ja 00007F8BDCE9EA90h 0x00000014 mov eax, dword ptr [eax] 0x00000016 pushad 0x00000017 ja 00007F8BDCE9EA88h 0x0000001d push ecx 0x0000001e jmp 00007F8BDCE9EA8Dh 0x00000023 pop ecx 0x00000024 popad 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F8BDCE9EA96h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED53F second address: 7ED58F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F8BDCB7BDC9h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c jmp 00007F8BDCB7BDC2h 0x00000011 push 00000003h 0x00000013 mov ecx, dword ptr [ebp+122D18EFh] 0x00000019 push 00000000h 0x0000001b mov dl, bl 0x0000001d push 00000003h 0x0000001f cld 0x00000020 push EE164B11h 0x00000025 push eax 0x00000026 push edx 0x00000027 jc 00007F8BDCB7BDB8h 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED669 second address: 7ED6BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 movzx edi, cx 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F8BDCE9EA88h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 and ecx, 5E865D2Ch 0x0000002e push 4B5A0C5Bh 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F8BDCE9EA97h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED6BA second address: 7ED761 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BDCB7BDC4h 0x00000008 jne 00007F8BDCB7BDB6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xor dword ptr [esp], 4B5A0CDBh 0x00000018 mov dword ptr [ebp+122D2DD9h], ebx 0x0000001e push 00000003h 0x00000020 cmc 0x00000021 push 00000000h 0x00000023 mov cx, DB00h 0x00000027 push 00000003h 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007F8BDCB7BDB8h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 00000019h 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 mov si, F18Ah 0x00000047 sub ecx, dword ptr [ebp+122D2CA1h] 0x0000004d call 00007F8BDCB7BDB9h 0x00000052 jmp 00007F8BDCB7BDC6h 0x00000057 push eax 0x00000058 push ecx 0x00000059 pushad 0x0000005a jno 00007F8BDCB7BDB6h 0x00000060 js 00007F8BDCB7BDB6h 0x00000066 popad 0x00000067 pop ecx 0x00000068 mov eax, dword ptr [esp+04h] 0x0000006c pushad 0x0000006d jbe 00007F8BDCB7BDBCh 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED761 second address: 7ED7E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b pushad 0x0000000c jnc 00007F8BDCE9EA86h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jo 00007F8BDCE9EA86h 0x0000001e popad 0x0000001f popad 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push esi 0x00000025 jne 00007F8BDCE9EA8Ch 0x0000002b pop esi 0x0000002c pop eax 0x0000002d jmp 00007F8BDCE9EA95h 0x00000032 lea ebx, dword ptr [ebp+1244839Fh] 0x00000038 jmp 00007F8BDCE9EA99h 0x0000003d xchg eax, ebx 0x0000003e jne 00007F8BDCE9EA90h 0x00000044 push eax 0x00000045 push ebx 0x00000046 jnl 00007F8BDCE9EA8Ch 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED865 second address: 7ED8A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F8BDCB7BDB6h 0x00000009 jmp 00007F8BDCB7BDC6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push edx 0x00000014 jmp 00007F8BDCB7BDC9h 0x00000019 pop edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED8A7 second address: 7ED8AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7ED967 second address: 7ED99C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB7BDC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8BDCB7BDC9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80E8B2 second address: 80E8B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80E8B6 second address: 80E8C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F8BDCB7BDB8h 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80E8C4 second address: 80E8CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80EA80 second address: 80EA8D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80ED64 second address: 80ED68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80ED68 second address: 80ED6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80EEE6 second address: 80EEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F074 second address: 80F08B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB7BDC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F21F second address: 80F223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F223 second address: 80F227 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F227 second address: 80F237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jc 00007F8BDCE9EA8Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F504 second address: 80F514 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8BDCB7BDB6h 0x00000008 jo 00007F8BDCB7BDB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F514 second address: 80F54F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9EA96h 0x00000007 jmp 00007F8BDCE9EA8Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jo 00007F8BDCE9EA88h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push edi 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a jbe 00007F8BDCE9EA86h 0x00000020 pop edi 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F54F second address: 80F553 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 805FEB second address: 805FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F67A second address: 80F68B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edi 0x00000009 pop edi 0x0000000a jnl 00007F8BDCB7BDB6h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F68B second address: 80F69C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCE9EA8Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80F69C second address: 80F6BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB7BDC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F8BDCB7BDB6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FC9E second address: 80FCAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F8BDCE9EA86h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FCAA second address: 80FCAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FDD2 second address: 80FDD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FDD6 second address: 80FDFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F8BDCB7BDBFh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FDFC second address: 80FE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE00 second address: 80FE04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE04 second address: 80FE24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE9EA94h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE24 second address: 80FE28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE28 second address: 80FE2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE2E second address: 80FE40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB7BDBCh 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FE40 second address: 80FE44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FF8B second address: 80FFA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8BDCB7BDC1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FFA6 second address: 80FFAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 80FFAC second address: 80FFB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 810391 second address: 8103A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8BDCE9EA86h 0x0000000a pop esi 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8103A4 second address: 8103A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8119A2 second address: 8119A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8129FB second address: 8129FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8129FF second address: 812A08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A08 second address: 812A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A0E second address: 812A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F8BDCE9EA91h 0x0000000e jmp 00007F8BDCE9EA8Bh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A2A second address: 812A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB7BDC0h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jo 00007F8BDCB7BDBCh 0x00000017 jbe 00007F8BDCB7BDB6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A52 second address: 812A65 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCE9EA88h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 812A65 second address: 812A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D49E second address: 81D4A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D4A2 second address: 81D4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB7BDBAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81C83E second address: 81C862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8BDCE9EA90h 0x00000008 jmp 00007F8BDCE9EA8Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CB61 second address: 81CB67 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CB67 second address: 81CB6C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CB6C second address: 81CBA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 ja 00007F8BDCB7BDBAh 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 ja 00007F8BDCB7BDD1h 0x00000019 jne 00007F8BDCB7BDB6h 0x0000001f jmp 00007F8BDCB7BDC5h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81CD14 second address: 81CD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8BDCE9EA86h 0x0000000a jng 00007F8BDCE9EA86h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D16F second address: 81D173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D173 second address: 81D1A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jno 00007F8BDCE9EA86h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F8BDCE9EA88h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007F8BDCE9EA98h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81D1A8 second address: 81D1C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8BDCB7BDC6h 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8202B4 second address: 8202BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820909 second address: 82093F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jne 00007F8BDCB7BDC7h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 jg 00007F8BDCB7BDBCh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82093F second address: 8209AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jp 00007F8BDCE9EA9Bh 0x00000011 push eax 0x00000012 jmp 00007F8BDCE9EA93h 0x00000017 pop eax 0x00000018 pop eax 0x00000019 mov edi, dword ptr [ebp+122D2D0Dh] 0x0000001f call 00007F8BDCE9EA89h 0x00000024 pushad 0x00000025 jmp 00007F8BDCE9EA98h 0x0000002a push edi 0x0000002b jnp 00007F8BDCE9EA86h 0x00000031 pop edi 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 jmp 00007F8BDCE9EA91h 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209AE second address: 8209B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209B3 second address: 8209D8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BDCE9EA88h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 pushad 0x00000011 jnc 00007F8BDCE9EA8Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 jnc 00007F8BDCE9EA86h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209D8 second address: 8209E6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8209E6 second address: 8209F3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BDCE9EA86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820CFF second address: 820D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820F26 second address: 820F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCE9EA90h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820F3A second address: 820F52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F8BDCB7BDBAh 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 820FF5 second address: 82101B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F8BDCE9EA92h 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 jng 00007F8BDCE9EA86h 0x00000016 pop ecx 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821149 second address: 821153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8BDCB7BDB6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821153 second address: 821166 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F8BDCE9EA88h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821655 second address: 821659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82175A second address: 82175F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8218F2 second address: 8218F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8219E4 second address: 8219EE instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8BDCE9EA86h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821AA1 second address: 821AA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821AA7 second address: 821AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821B6C second address: 821B70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 821B70 second address: 821B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 822C0D second address: 822C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 823CE1 second address: 823CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8233DA second address: 8233E0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 823CE5 second address: 823D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F8BDCB84978h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov dword ptr [ebp+124522B9h], ecx 0x0000002c or dword ptr [ebp+122D2770h], ecx 0x00000032 mov edi, esi 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007F8BDCB84978h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 00000019h 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 adc di, 0F87h 0x00000055 push eax 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8BDCB8497Ah 0x0000005f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 823D59 second address: 823D5F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 825211 second address: 825225 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84980h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 825042 second address: 82504F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 825CB3 second address: 825CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8273F6 second address: 8273FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82A0CC second address: 82A0D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82A0D0 second address: 82A0D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82A5AB second address: 82A5B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8BDCB84976h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82C5C4 second address: 82C5C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82C5C8 second address: 82C636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F8BDCB84976h 0x0000000d jnc 00007F8BDCB84976h 0x00000013 popad 0x00000014 popad 0x00000015 nop 0x00000016 mov bx, si 0x00000019 cmc 0x0000001a push 00000000h 0x0000001c mov edi, dword ptr [ebp+122D2B2Dh] 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007F8BDCB84978h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 0000001Bh 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e sub dword ptr [ebp+12445B29h], eax 0x00000044 jmp 00007F8BDCB8497Fh 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F8BDCB8497Fh 0x00000051 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82D5B9 second address: 82D5C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8BDCE92686h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82D5C3 second address: 82D5C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82658D second address: 826597 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82F3EC second address: 82F3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82F3F9 second address: 82F3FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83042F second address: 830435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 830435 second address: 83045C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F8BDCE92698h 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push esi 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 827CA8 second address: 827CAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 827CAF second address: 827CB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835C07 second address: 835C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836BB7 second address: 836BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836BBC second address: 836C33 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, 32F1E512h 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F8BDCB84978h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 0000001Ch 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c pushad 0x0000002d call 00007F8BDCB84988h 0x00000032 call 00007F8BDCB84980h 0x00000037 pop esi 0x00000038 pop eax 0x00000039 mov esi, 5BD154BFh 0x0000003e popad 0x0000003f mov ebx, eax 0x00000041 push 00000000h 0x00000043 stc 0x00000044 xchg eax, esi 0x00000045 je 00007F8BDCB84988h 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836C33 second address: 836C37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 836C37 second address: 836C3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 837B67 second address: 837B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 82F6BA second address: 82F6C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 833CF4 second address: 833D96 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8BDCE92696h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ebx, 5751DA69h 0x00000013 sub bl, FFFFFF9Ch 0x00000016 push dword ptr fs:[00000000h] 0x0000001d mov ebx, esi 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 sbb edi, 50296C36h 0x0000002c mov eax, dword ptr [ebp+122D00EDh] 0x00000032 mov edi, dword ptr [ebp+122D1A0Ah] 0x00000038 push FFFFFFFFh 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d call 00007F8BDCE92688h 0x00000042 pop ecx 0x00000043 mov dword ptr [esp+04h], ecx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc ecx 0x00000050 push ecx 0x00000051 ret 0x00000052 pop ecx 0x00000053 ret 0x00000054 push edx 0x00000055 jnc 00007F8BDCE92693h 0x0000005b pop ebx 0x0000005c push ecx 0x0000005d mov edi, dword ptr [ebp+122D2899h] 0x00000063 pop ebx 0x00000064 nop 0x00000065 pushad 0x00000066 jg 00007F8BDCE92688h 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F8BDCE9268Eh 0x00000073 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 833D96 second address: 833DAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8BDCB8497Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 831784 second address: 83178A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835D38 second address: 835D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB84981h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835D4E second address: 835D54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 835D54 second address: 835D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 837D30 second address: 837D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 838C53 second address: 838C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84983h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 839CC7 second address: 839CD7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 839CD7 second address: 839CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 839CDF second address: 839CE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83ABDC second address: 83ABE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83ABE0 second address: 83AC17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92697h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8BDCE92691h 0x0000000e popad 0x0000000f push eax 0x00000010 pushad 0x00000011 jp 00007F8BDCE9268Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 83AC17 second address: 83AC23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007F8BDCB84976h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843F23 second address: 843F29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843F29 second address: 843F45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F8BDCB84983h 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843F45 second address: 843F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8BDCE92698h 0x0000000e jp 00007F8BDCE92686h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7E5E1C second address: 7E5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843643 second address: 843657 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8BDCE92686h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jno 00007F8BDCE92686h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8437A6 second address: 8437AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843951 second address: 843955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843955 second address: 843959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843959 second address: 84395F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843AD6 second address: 843AF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8BDCB8497Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843AF7 second address: 843AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843AFD second address: 843B0F instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCB84976h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 843B0F second address: 843B13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848D0C second address: 848D19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848F3A second address: 848F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848F3E second address: 848F5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8BDCB8497Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F8BDCB84976h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 848F5E second address: 848F64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84D49E second address: 84D4A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8BDCB84976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84D4A8 second address: 84D4B7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8BDCE92686h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84D4B7 second address: 84D4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD6D second address: 84DD86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92695h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD86 second address: 84DD8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD8C second address: 84DD9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84DD9F second address: 84DDA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E093 second address: 84E099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E099 second address: 84E09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E09D second address: 84E0B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92697h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E263 second address: 84E268 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E268 second address: 84E290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92691h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F8BDCE926B6h 0x00000012 jo 00007F8BDCE9268Eh 0x00000018 push edx 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 84E290 second address: 84E299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8546E8 second address: 8546EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7DD648 second address: 7DD64C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7DD64C second address: 7DD663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92691h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853243 second address: 85325C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCB84983h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85351D second address: 853522 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8537F7 second address: 853800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853800 second address: 85381A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007F8BDCE9268Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85381A second address: 85381E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853D51 second address: 853D60 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8BDCE9268Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853ED1 second address: 853ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853ED6 second address: 853EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853EDC second address: 853EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853EE0 second address: 853EE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853EE4 second address: 853F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F8BDCB84981h 0x00000012 jng 00007F8BDCB84976h 0x00000018 popad 0x00000019 jng 00007F8BDCB8497Eh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853F17 second address: 853F1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 853F1D second address: 853F21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8540AB second address: 8540C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8BDCE9268Ah 0x0000000d jnp 00007F8BDCE9268Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8540C5 second address: 8540C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8540C9 second address: 8540CE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85B169 second address: 85B1B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84981h 0x00000007 jmp 00007F8BDCB84980h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F8BDCB8497Eh 0x00000013 push ecx 0x00000014 jmp 00007F8BDCB84982h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85B1B1 second address: 85B1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 ja 00007F8BDCE926AAh 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F8BDCE92686h 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E30A second address: 81E30E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E30E second address: 81E314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E314 second address: 81E330 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB84988h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E330 second address: 81E334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E334 second address: 81E346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a jnl 00007F8BDCB8497Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E346 second address: 81E3A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007F8BDCE92693h 0x0000000e mov eax, dword ptr [eax] 0x00000010 push ebx 0x00000011 push edi 0x00000012 jmp 00007F8BDCE9268Ch 0x00000017 pop edi 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d jmp 00007F8BDCE92695h 0x00000022 pop eax 0x00000023 mov dword ptr [ebp+122D2650h], ecx 0x00000029 push FC3B7626h 0x0000002e push edi 0x0000002f jc 00007F8BDCE9268Ch 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E7E9 second address: 81E814 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8BDCB8497Ch 0x00000008 jbe 00007F8BDCB84976h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov ecx, dword ptr [ebp+12452376h] 0x00000017 push 00000004h 0x00000019 jns 00007F8BDCB8497Ch 0x0000001f nop 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E814 second address: 81E81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E81A second address: 81E81F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EB1F second address: 81EB24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EB24 second address: 81EB57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F8BDCB84986h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov dword ptr [ebp+124466D2h], esi 0x00000014 push 0000001Eh 0x00000016 cld 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jbe 00007F8BDCB84976h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EB57 second address: 81EB61 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EF5D second address: 81EF63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EF63 second address: 81EF69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EF69 second address: 81EFEF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jne 00007F8BDCB84984h 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F8BDCB84978h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000019h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D2643h], ecx 0x00000030 lea eax, dword ptr [ebp+12478A09h] 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007F8BDCB84978h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jnl 00007F8BDCB8498Ah 0x00000059 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81EFEF second address: 806BCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92690h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edx, dword ptr [ebp+122D264Ah] 0x00000012 sbb cx, 130Eh 0x00000017 call dword ptr [ebp+122D1C6Bh] 0x0000001d jmp 00007F8BDCE92694h 0x00000022 push eax 0x00000023 push edx 0x00000024 jp 00007F8BDCE9268Eh 0x0000002a pushad 0x0000002b popad 0x0000002c jc 00007F8BDCE92686h 0x00000032 push ecx 0x00000033 pushad 0x00000034 popad 0x00000035 pop ecx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BBA7 second address: 85BBBB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8BDCB8497Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BBBB second address: 85BBC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BBC1 second address: 85BBC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCCD second address: 85BCD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCD2 second address: 85BCDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F8BDCB84976h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCDF second address: 85BCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F8BDCE9268Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BCF8 second address: 85BD0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Ah 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 85BE53 second address: 85BE73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92698h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 864FE4 second address: 864FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 864FE9 second address: 864FFA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 864FFA second address: 865000 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 865416 second address: 86541B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86589C second address: 8658AB instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8BDCB84976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8658AB second address: 8658B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86988F second address: 869893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869893 second address: 8698B4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F8BDCE92697h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8698B4 second address: 8698F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007F8BDCB84976h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jmp 00007F8BDCB84988h 0x00000015 popad 0x00000016 jo 00007F8BDCB84978h 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F8BDCB8497Eh 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869A4C second address: 869A6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F8BDCE9268Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8BDCE9268Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869A6F second address: 869A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 869BC7 second address: 869BCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C4E9 second address: 86C4EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C071 second address: 86C075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C075 second address: 86C08A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C08A second address: 86C09A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 jnp 00007F8BDCE926A2h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86C09A second address: 86C09E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86FBC0 second address: 86FBC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86FBC8 second address: 86FBCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 86FBCE second address: 86FBD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87515D second address: 875173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8BDCB84981h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 875173 second address: 87519F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92696h 0x00000007 pushad 0x00000008 jmp 00007F8BDCE9268Dh 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8755A6 second address: 8755AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8755AA second address: 8755AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87A3A4 second address: 87A3AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87A3AA second address: 87A3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 87A3AE second address: 87A3BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push ebx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879C8B second address: 879C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879C8F second address: 879C93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879C93 second address: 879CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F8BDCE92686h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879E34 second address: 879E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 879F46 second address: 879F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88286B second address: 882872 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CA1 second address: 880CA7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CA7 second address: 880CAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CAF second address: 880CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CB3 second address: 880CB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 880CB7 second address: 880CC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8811ED second address: 8811F3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8811F3 second address: 8811FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8811FB second address: 881205 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8BDCB84976h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8814EA second address: 8814EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8814EE second address: 8814F4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8817CA second address: 8817E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92694h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8817E2 second address: 881804 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8BDCB84976h 0x00000008 jg 00007F8BDCB84976h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F8BDCB84980h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 81E93F second address: 81E943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A52 second address: 881A58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A58 second address: 881A5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A5C second address: 881A60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A60 second address: 881A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE9268Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 881A72 second address: 881AB4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 jg 00007F8BDCB84976h 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 je 00007F8BDCB84976h 0x00000018 ja 00007F8BDCB84976h 0x0000001e popad 0x0000001f jmp 00007F8BDCB84989h 0x00000024 push eax 0x00000025 push edx 0x00000026 jo 00007F8BDCB84976h 0x0000002c push eax 0x0000002d pop eax 0x0000002e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88771F second address: 887723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 887723 second address: 88772F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88772F second address: 88773E instructions: 0x00000000 rdtsc 0x00000002 js 00007F8BDCE92686h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886B4D second address: 886B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8BDCB84976h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886E24 second address: 886E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886E29 second address: 886E4C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8BDCB84984h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jnc 00007F8BDCB84976h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886E4C second address: 886E53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886FBE second address: 886FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 886FC2 second address: 886FC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8872F8 second address: 8872FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8872FD second address: 887334 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Fh 0x00000007 push eax 0x00000008 jmp 00007F8BDCE92693h 0x0000000d jmp 00007F8BDCE9268Bh 0x00000012 pop eax 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88C347 second address: 88C350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 88F59C second address: 88F5B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE9268Dh 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 7D69C3 second address: 7D69E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F8BDCB84988h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895AFB second address: 895AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895D82 second address: 895D86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895D86 second address: 895D90 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 895EC2 second address: 895ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jng 00007F8BDCB8497Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8961C0 second address: 8961C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8961C6 second address: 8961D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F8BDCB84976h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8961D6 second address: 8961F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92697h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 896499 second address: 8964A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8964A0 second address: 8964B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jno 00007F8BDCE92686h 0x00000009 pop ebx 0x0000000a jg 00007F8BDCE9268Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 896E6F second address: 896E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 896E75 second address: 896E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8BDCE92686h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 899C37 second address: 899C4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 ja 00007F8BDCB84976h 0x0000000c jp 00007F8BDCB84976h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 89CA2F second address: 89CA41 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F8BDCE9268Bh 0x00000008 pop edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 89CA41 second address: 89CA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A156C second address: 8A1570 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A169F second address: 8A16B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8BDCB8497Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A182B second address: 8A1863 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92691h 0x00000007 jmp 00007F8BDCE92694h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F8BDCE9268Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A1863 second address: 8A187E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB84987h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A187E second address: 8A1882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A1882 second address: 8A18A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F8BDCB84986h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A18A5 second address: 8A18FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92693h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8BDCE9268Eh 0x00000010 push esi 0x00000011 jmp 00007F8BDCE92696h 0x00000016 jmp 00007F8BDCE92694h 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A18FC second address: 8A1906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8BDCB84976h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8A879D second address: 8A87C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8BDCE92686h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F8BDCE92695h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8ADC8D second address: 8ADCE5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB84984h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F8BDCB8497Eh 0x00000011 ja 00007F8BDCB84976h 0x00000017 pushad 0x00000018 popad 0x00000019 push ecx 0x0000001a pushad 0x0000001b popad 0x0000001c pop ecx 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jl 00007F8BDCB8497Eh 0x00000026 push ecx 0x00000027 pop ecx 0x00000028 jnp 00007F8BDCB84976h 0x0000002e pushad 0x0000002f pushad 0x00000030 popad 0x00000031 pushad 0x00000032 popad 0x00000033 jmp 00007F8BDCB84985h 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8ADCE5 second address: 8ADCF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F8BDCE92686h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0A1E second address: 8B0A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0A22 second address: 8B0A28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B075D second address: 8B0761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0761 second address: 8B0771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F8BDCE92686h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B0771 second address: 8B0775 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5B58 second address: 8B5B91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F8BDCE92686h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F8BDCE92697h 0x00000011 jl 00007F8BDCE9268Ah 0x00000017 pushad 0x00000018 popad 0x00000019 push esi 0x0000001a pop esi 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pushad 0x00000020 popad 0x00000021 pop eax 0x00000022 push esi 0x00000023 pushad 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5B91 second address: 8B5B96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5B96 second address: 8B5BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCE92696h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B5579 second address: 8B5581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8B571D second address: 8B5723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8BCED2 second address: 8BCEED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCB8497Bh 0x00000007 jne 00007F8BDCB84976h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8C749D second address: 8C74B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE92698h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8CB7DA second address: 8CB7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F8BDCB84976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8CB7E9 second address: 8CB7ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8CB7ED second address: 8CB807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F8BDCB84981h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D1873 second address: 8D187D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D187D second address: 8D1881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D0669 second address: 8D066E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D1593 second address: 8D15B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F8BDCB84976h 0x00000011 jmp 00007F8BDCB8497Fh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D15B3 second address: 8D15B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D52A0 second address: 8D52A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D52A4 second address: 8D52A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E41 second address: 8D4E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8BDCB84988h 0x00000009 jnc 00007F8BDCB84976h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E63 second address: 8D4E7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8BDCE9268Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F8BDCE92686h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E7C second address: 8D4E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8D4E80 second address: 8D4E84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8F18A6 second address: 8F18AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 906B7E second address: 906B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8BDCE92697h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 906B99 second address: 906BA8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8BDCB84976h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 907117 second address: 90711D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074CD second address: 9074D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074D3 second address: 9074D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074D8 second address: 9074E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F8BDCB84976h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 9074E4 second address: 907501 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F8BDCE92694h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 907501 second address: 907507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 90A690 second address: 90A69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F8BDCE92686h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	RDTSC instruction interceptor: First address: 8236BA second address: 8236BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Special instruction interceptor: First address: 67899A instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_0067C694 rdtsc

0_2_0067C694

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe TID: 4308	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe TID: 616	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: cqHMm0ykDG.exe, cqHMm0ykDG.exe, 00000000.00000002.2182216230.00000000007F4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: cqHMm0ykDG.exe, 00000000.00000002.2182873624.0000000001399000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000003.2181338396.0000000001399000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: cqHMm0ykDG.exe, 00000000.00000003.2181718523.00000000013D6000.00000004.00000020.00020000.00000000.sdmp, cqHMm0ykDG.exe, 00000000.00000002.2182999910.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: cqHMm0ykDG.exe, 00000000.00000002.2182216230.00000000007F4000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: NTICE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: SICE
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\cqHMm0ykDG.exe	Process queried: DebugPort	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_0067C694 rdtsc

0_2_0067C694

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Code function: 0_2_0065E110 LdrInitializeThunk,

0_2_0065E110

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: cqHMm0ykDG.exe	String found in binary or memory: hummskitnj.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: cashfuzysao.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: appliacnesot.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: screwamusresz.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: inherineau.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: scentniej.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: rebuildeso.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: prisonyfork.buzz
Source: cqHMm0ykDG.exe	String found in binary or memory: mindhandru.buzz

Source: cqHMm0ykDG.exe, cqHMm0ykDG.exe, 00000000.00000002.2182216230.00000000007F4000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: xProgram Manager

Source: C:\Users\user\Desktop\cqHMm0ykDG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

ID:	1580955
Product:	CloudBasic
Start time:	14:13:10
Start date:	26.12.2024
Sample:	cqHMm0ykDG.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	381279537c50d9cfcb8f30729500f279
SHA1:	f62f1db11cdda24b84e491aaf8c3022290077c29
SHA256:	d81d29588d59cf2724fdd72138b75d36fae4561716972f25d44266640b7f0f52
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
cqHMm0ykDG.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report cqHMm0ykDG.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
cqHMm0ykDG.exe

Malware Threat Intel
Provided by