Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1528485
MD5: 4b701c6c6316241b700854f6ee0f1ef3
SHA1: 3570b6e5a2595e4ce6f4763652501d33c42a8299
SHA256: 4c6375bc022f9d994a0038a84f148d1cba6979e4ebb4aa6ecf6b8a074c507f9a
Tags: exeuser-Bitsight
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges URL Reputation: Label: malware
Found malware configuration
Source: file.exe.6040.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.stor", "spirittunek.stor", "mobbipenju.stor", "bathdoomgaz.stor", "licendfilteo.site", "dissapoiznw.stor", "clearancek.site", "studennotediw.stor"], "Build id": "4SD0y4--legendaryy"}
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: clearancek.site
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: licendfilteo.site
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: spirittunek.stor
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: bathdoomgaz.stor
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: studennotediw.stor
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: dissapoiznw.stor
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: eaglepawnoy.stor
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: mobbipenju.stor
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: clearancek.site
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: Workgroup: -
Source: 00000000.00000002.1528050746.0000000000531000.00000040.00000001.01000000.00000003.sdmp String decryptor: 4SD0y4--legendaryy
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.9:49706 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0053D110
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0053D110
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh 0_2_005763B8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h 0_2_0057695B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh 0_2_005799D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 0_2_0053FCA0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h 0_2_00574040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, dword ptr [edx] 0_2_00531000
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then dec ebx 0_2_0056F030
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+20h] 0_2_00546F91
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00576094
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+0Ch] 0_2_0055D1E1
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], dx 0_2_00552260
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [esi], ax 0_2_00552260
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+04h] 0_2_005442FC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebp, eax 0_2_0053A300
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+14h] 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_0054D457
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx eax, word ptr [esi+ecx] 0_2_00571440
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+0Ch] 0_2_0055C470
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [esp], 00000000h 0_2_0054B410
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0055E40C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh 0_2_005764B8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00559510
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+04h] 0_2_00546536
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh 0_2_00577520
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] 0_2_00538590
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_0056B650
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0055E66A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [edi+eax] 0_2_00577710
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00575700
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+08h] 0_2_005767EF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0055D7AF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], dx 0_2_005528E9
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h 0_2_0054D961
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h 0_2_00573920
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+edi] 0_2_005349A0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+ebx] 0_2_00535A50
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h 0_2_00574A40
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00541A3C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00541ACD
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh 0_2_00579B60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] 0_2_0054DB6F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h 0_2_0054DB6F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+04h] 0_2_00543BE2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+40h] 0_2_00541BEE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_00560B80
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h 0_2_0055EC48
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h 0_2_00557C00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh 0_2_0056FC20
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h 0_2_0055CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0055CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h 0_2_0055CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00579CE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh 0_2_00579CE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_0055AC91
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [edx], ax 0_2_0055AC91
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh 0_2_0055FD10
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0055DD29
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00578D8A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, word ptr [ecx] 0_2_0055AE57
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00555E70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00557E60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, ecx 0_2_00544E2A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00540EEC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+40h] 0_2_00541E93
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [ebp+00h] 0_2_0053BEB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp byte ptr [ebx], 00000000h 0_2_00546EBF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [ecx+esi] 0_2_00536EA0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0056FF70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00559F62
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00575FD6
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00538FD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [edx], 0000h 0_2_0054FFDF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h 0_2_00577FC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00577FC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+20h] 0_2_00546F91

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.9:56412 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.9:49661 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.9:51372 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.9:56555 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.9:65244 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.9:55848 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.9:61618 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.9:55152 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.9:49706 -> 172.67.206.204:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.9:49706 -> 172.67.206.204:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: eaglepawnoy.stor
Source: Malware configuration extractor URLs: spirittunek.stor
Source: Malware configuration extractor URLs: mobbipenju.stor
Source: Malware configuration extractor URLs: bathdoomgaz.stor
Source: Malware configuration extractor URLs: licendfilteo.site
Source: Malware configuration extractor URLs: dissapoiznw.stor
Source: Malware configuration extractor URLs: clearancek.site
Source: Malware configuration extractor URLs: studennotediw.stor
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.102.49.254 104.102.49.254
Source: Joe Sandbox View IP Address: 172.67.206.204 172.67.206.204
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: / https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: / https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secu equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secu equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ne' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: clearancek.site
Source: global traffic DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic DNS traffic detected: DNS query: studennotediw.store
Source: global traffic DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic DNS traffic detected: DNS query: spirittunek.store
Source: global traffic DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic
Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000000.00000003.1527870757.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518125314.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528599176.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/pub
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=cdfm
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/8
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/apiA
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/p
Source: file.exe, 00000000.00000003.1518125314.0000000000B93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528482040.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.1527870757.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518125314.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528599176.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000002.1528482040.0000000000B7E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/r(I/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1518055581.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1518055581.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527774709.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1518157522.0000000000BB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.9:49706 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00540228 0_2_00540228
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00574040 0_2_00574040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00531000 0_2_00531000
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00542030 0_2_00542030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057A0D0 0_2_0057A0D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00535160 0_2_00535160
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 0_2_006FA119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005371F0 0_2_005371F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053E1A0 0_2_0053E1A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0066E20D 0_2_0066E20D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005682D0 0_2_005682D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005612D0 0_2_005612D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005312F7 0_2_005312F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E229C 0_2_006E229C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006E5297 0_2_006E5297
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053A300 0_2_0053A300
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005623E0 0_2_005623E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005313A3 0_2_005313A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053B3A0 0_2_0053B3A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00704464 0_2_00704464
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055C470 0_2_0055C470
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005664F0 0_2_005664F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054049B 0_2_0054049B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00544487 0_2_00544487
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD575 0_2_007DD575
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054C5F0 0_2_0054C5F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00538590 0_2_00538590
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005335B0 0_2_005335B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00709594 0_2_00709594
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00578652 0_2_00578652
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053164F 0_2_0053164F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0056F620 0_2_0056F620
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005786F0 0_2_005786F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FD741 0_2_006FD741
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053A850 0_2_0053A850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00561860 0_2_00561860
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0056B8C0 0_2_0056B8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007A9892 0_2_007A9892
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0056E8A0 0_2_0056E8A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006EF9CC 0_2_006EF9CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055098B 0_2_0055098B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005789A0 0_2_005789A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00574A40 0_2_00574A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00707A14 0_2_00707A14
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00578A80 0_2_00578A80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00577AB0 0_2_00577AB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0064FA98 0_2_0064FA98
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00673B62 0_2_00673B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00706B5D 0_2_00706B5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0054DB6F 0_2_0054DB6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0061BB1B 0_2_0061BB1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00537BF0 0_2_00537BF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00578C02 0_2_00578C02
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005C3CDD 0_2_005C3CDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055CCD0 0_2_0055CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FBCBF 0_2_006FBCBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00576CBF 0_2_00576CBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00558D62 0_2_00558D62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055FD10 0_2_0055FD10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055DD29 0_2_0055DD29
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00700DEE 0_2_00700DEE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0055AE57 0_2_0055AE57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00578E70 0_2_00578E70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00544E2A 0_2_00544E2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053BEB0 0_2_0053BEB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00546EBF 0_2_00546EBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053AF10 0_2_0053AF10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00538FD0 0_2_00538FD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00577FC0 0_2_00577FC0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0053CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0054D300 appears 152 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9995358910891089
Source: file.exe Static PE information: Section: lkgxlqgb ZLIB complexity 0.9949261662725053
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00568220 CoCreateInstance, 0_2_00568220
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1847808 > 1048576
Source: file.exe Static PE information: Raw size of lkgxlqgb is bigger than: 0x100000 < 0x199a00

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.530000.0.unpack :EW;.rsrc :W;.idata :W; :EW;lkgxlqgb:EW;oazzzkxz:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;lkgxlqgb:EW;oazzzkxz:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1d26d3 should be: 0x1c40f3
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: lkgxlqgb
Source: file.exe Static PE information: section name: oazzzkxz
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073007D push 5625EDEEh; mov dword ptr [esp], edi 0_2_00730103
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B3057 push 2562DB96h; mov dword ptr [esp], ebx 0_2_007B30E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007E704D push 348EF671h; mov dword ptr [esp], edi 0_2_007E7067
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007E2044 push edx; mov dword ptr [esp], ecx 0_2_007E20A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00825009 push 730BCD70h; mov dword ptr [esp], ebp 0_2_0082506D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007CC0A8 push ebp; mov dword ptr [esp], eax 0_2_007CC0B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068D161 push edi; mov dword ptr [esp], ecx 0_2_0068D189
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0068D161 push ebp; mov dword ptr [esp], edx 0_2_0068D1AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007AA162 push 28537C69h; mov dword ptr [esp], edi 0_2_007AA16A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B2153 push 463E61C5h; mov dword ptr [esp], edi 0_2_007B2174
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007B2153 push eax; mov dword ptr [esp], esi 0_2_007B218A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C612D push ebx; mov dword ptr [esp], 7E93CA54h 0_2_007C6168
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007C612D push edx; mov dword ptr [esp], eax 0_2_007C61C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073112E push ebx; mov dword ptr [esp], edx 0_2_00731173
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073112E push 0CF8BAD2h; mov dword ptr [esp], esi 0_2_007311DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073112E push eax; mov dword ptr [esp], 3606A490h 0_2_00731212
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073112E push eax; mov dword ptr [esp], 05798048h 0_2_00731283
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 020EC592h; mov dword ptr [esp], esi 0_2_006FA1D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push eax; mov dword ptr [esp], edx 0_2_006FA1D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 78D4A43Fh; mov dword ptr [esp], edi 0_2_006FA2A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 3029A238h; mov dword ptr [esp], ebx 0_2_006FA2CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push ebp; mov dword ptr [esp], 48F87CA1h 0_2_006FA36C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push ecx; mov dword ptr [esp], edx 0_2_006FA437
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push esi; mov dword ptr [esp], edi 0_2_006FA5D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 4D696EA0h; mov dword ptr [esp], edi 0_2_006FA640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 4F4BEE7Eh; mov dword ptr [esp], eax 0_2_006FA68C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push edx; mov dword ptr [esp], esi 0_2_006FA706
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 795F3EE4h; mov dword ptr [esp], esp 0_2_006FA728
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push ebp; mov dword ptr [esp], eax 0_2_006FA752
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push 0B45EDABh; mov dword ptr [esp], esi 0_2_006FA7D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_006FA119 push ecx; mov dword ptr [esp], 1FBA45EBh 0_2_006FA7D9
Source: file.exe Static PE information: section name: entropy: 7.976365850464457
Source: file.exe Static PE information: section name: lkgxlqgb entropy: 7.953726865984964

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70EFDD second address: 70EFEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jc 00007F55F92EB39Eh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70DFE0 second address: 70DFE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E451 second address: 70E45E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jbe 00007F55F92EB396h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E70E second address: 70E712 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E712 second address: 70E730 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB3A5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E730 second address: 70E73C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F55F8FF8496h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E73C second address: 70E74F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB39Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 70E88B second address: 70E891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711952 second address: 711957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711957 second address: 71195D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71195D second address: 711961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711961 second address: 7119A4 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F55F8FF84A0h 0x00000012 nop 0x00000013 push esi 0x00000014 jng 00007F55F8FF849Ch 0x0000001a pop esi 0x0000001b push 00000000h 0x0000001d adc esi, 563EF3F0h 0x00000023 push B3531AFBh 0x00000028 push eax 0x00000029 push edx 0x0000002a push ecx 0x0000002b ja 00007F55F8FF8496h 0x00000031 pop ecx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711B1B second address: 711B97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jp 00007F55F92EB396h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e jmp 00007F55F92EB3A7h 0x00000013 pop esi 0x00000014 nop 0x00000015 call 00007F55F92EB3A6h 0x0000001a add dword ptr [ebp+122D1C41h], ebx 0x00000020 pop ecx 0x00000021 push 00000000h 0x00000023 mov si, di 0x00000026 call 00007F55F92EB399h 0x0000002b push ecx 0x0000002c jng 00007F55F92EB398h 0x00000032 pushad 0x00000033 popad 0x00000034 pop ecx 0x00000035 push eax 0x00000036 jmp 00007F55F92EB3A6h 0x0000003b mov eax, dword ptr [esp+04h] 0x0000003f push eax 0x00000040 push edx 0x00000041 push ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711B97 second address: 711B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711B9C second address: 711BB4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007F55F92EB396h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 je 00007F55F92EB396h 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711BB4 second address: 711BBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711BBA second address: 711BD6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 jnp 00007F55F92EB398h 0x00000017 push esi 0x00000018 pop esi 0x00000019 push edi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711CF2 second address: 711D15 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 pushad 0x00000009 mov edi, dword ptr [ebp+122D29A4h] 0x0000000f or edx, dword ptr [ebp+122D1A87h] 0x00000015 popad 0x00000016 push 00000000h 0x00000018 push 3DC76885h 0x0000001d push eax 0x0000001e push edx 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 pop edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711D15 second address: 711D6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F55F92EB396h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xor dword ptr [esp], 3DC76805h 0x00000015 call 00007F55F92EB3A8h 0x0000001a mov ecx, dword ptr [ebp+122D2A1Ch] 0x00000020 pop edi 0x00000021 push 00000003h 0x00000023 push 00000000h 0x00000025 sub dword ptr [ebp+122D2D75h], esi 0x0000002b push 00000003h 0x0000002d mov edx, dword ptr [ebp+122D28A8h] 0x00000033 push 4DECA92Eh 0x00000038 jnl 00007F55F92EB3A4h 0x0000003e push eax 0x0000003f push edx 0x00000040 push ecx 0x00000041 pop ecx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 711D6A second address: 711D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FB7BE second address: 6FB7C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FB7C4 second address: 6FB7C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FB7C8 second address: 6FB7D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F216 second address: 72F233 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F55F8FF84A5h 0x0000000e jmp 00007F55F8FF849Dh 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F3A4 second address: 72F3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 js 00007F55F92EB398h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F3B3 second address: 72F3D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F8FF849Eh 0x00000008 ja 00007F55F8FF8496h 0x0000000e popad 0x0000000f push ecx 0x00000010 jmp 00007F55F8FF849Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F579 second address: 72F59D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F55F92EB3A7h 0x0000000a jc 00007F55F92EB396h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F59D second address: 72F5A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F5A6 second address: 72F5AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F5AC second address: 72F5B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F701 second address: 72F719 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F55F92EB3A0h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F9C1 second address: 72F9CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72F9CB second address: 72F9D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72FB12 second address: 72FB18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72FB18 second address: 72FB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F55F92EB396h 0x0000000a popad 0x0000000b pop ecx 0x0000000c pushad 0x0000000d jmp 00007F55F92EB3A1h 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7269DD second address: 726A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F55F8FF849Fh 0x0000000a js 00007F55F8FF8496h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F55F8FF849Bh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726A09 second address: 726A0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7305A1 second address: 7305B1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7305B1 second address: 7305CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7305CD second address: 7305D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7305D3 second address: 7305D8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7305D8 second address: 7305DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 730745 second address: 73074B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73074B second address: 73077B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F55F8FF8496h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F55F8FF84A1h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push edx 0x00000015 jbe 00007F55F8FF8496h 0x0000001b pushad 0x0000001c popad 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 push edx 0x00000023 pop edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7308CA second address: 7308F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F55F92EB396h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F55F92EB3A8h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7308F3 second address: 7308F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7308F7 second address: 730907 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 730907 second address: 73090B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 730A39 second address: 730A6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F55F92EB3BBh 0x0000000c jmp 00007F55F92EB3A0h 0x00000011 jmp 00007F55F92EB3A5h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 700945 second address: 700954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF849Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FED62 second address: 6FED73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jc 00007F55F92EB396h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FED73 second address: 6FEDA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F55F8FF84A2h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F55F8FF84A1h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FEDA2 second address: 6FEDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6FEDA6 second address: 6FEDBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F55F8FF84A0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C389 second address: 73C3A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jnp 00007F55F92EB39Eh 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73C6BC second address: 73C6E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF84A8h 0x00000009 jmp 00007F55F8FF84A0h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CB13 second address: 73CB17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CB17 second address: 73CB1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CCCC second address: 73CCDF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F55F92EB39Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CCDF second address: 73CCEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CCEA second address: 73CCF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CCF8 second address: 73CD01 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73CD01 second address: 73CD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F55F92EB396h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73EFD2 second address: 73EFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F947 second address: 73F95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F92EB3A1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73F9A8 second address: 73F9B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73FC99 second address: 73FC9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73FE0E second address: 73FE1A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 741252 second address: 741259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 741259 second address: 741272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jp 00007F55F8FF849Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 741272 second address: 741278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 742168 second address: 74216C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7457D4 second address: 7457DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74659F second address: 7465B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF849Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74730F second address: 747313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74A9A7 second address: 74A9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74A9AD second address: 74A9B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74D22E second address: 74D234 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 74E7D1 second address: 74E828 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F55F92EB3A7h 0x0000000f nop 0x00000010 movsx edi, cx 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+12470BFEh], edi 0x0000001b push 00000000h 0x0000001d je 00007F55F92EB399h 0x00000023 movzx ebx, ax 0x00000026 mov di, dx 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c je 00007F55F92EB398h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 750DB5 second address: 750DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007F55F8FF849Ch 0x0000000d jl 00007F55F8FF8496h 0x00000013 popad 0x00000014 push eax 0x00000015 pushad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D0D second address: 751D11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 751D11 second address: 751D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 753BE8 second address: 753C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F55F92EB398h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov ebx, 50BB02EDh 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F55F92EB398h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov edi, dword ptr [ebp+122D2874h] 0x0000004c sub dword ptr [ebp+122D2752h], ecx 0x00000052 xchg eax, esi 0x00000053 jns 00007F55F92EB3A7h 0x00000059 jmp 00007F55F92EB3A1h 0x0000005e push eax 0x0000005f pushad 0x00000060 push ebx 0x00000061 jmp 00007F55F92EB39Eh 0x00000066 pop ebx 0x00000067 push eax 0x00000068 push edx 0x00000069 push ecx 0x0000006a pop ecx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 753C70 second address: 753C74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 752D2F second address: 752D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F55F92EB396h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 755D38 second address: 755D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F55F8FF849Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 757D1B second address: 757D20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 756E32 second address: 756E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF84A4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 757E63 second address: 757E6D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F55F92EB39Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 758C5C second address: 758CC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 jmp 00007F55F8FF84A2h 0x0000000c nop 0x0000000d jg 00007F55F8FF849Ch 0x00000013 jp 00007F55F8FF8496h 0x00000019 push 00000000h 0x0000001b mov edi, dword ptr [ebp+122D1837h] 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push ecx 0x00000026 call 00007F55F8FF8498h 0x0000002b pop ecx 0x0000002c mov dword ptr [esp+04h], ecx 0x00000030 add dword ptr [esp+04h], 00000017h 0x00000038 inc ecx 0x00000039 push ecx 0x0000003a ret 0x0000003b pop ecx 0x0000003c ret 0x0000003d mov edi, 4CFD152Fh 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 jng 00007F55F8FF849Ch 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 758CC1 second address: 758CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 758DB9 second address: 758DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 759D7A second address: 759D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75AC5D second address: 75AC63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 758DBD second address: 758DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB3A5h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F55F92EB3A3h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 758DF4 second address: 758DF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75AD99 second address: 75AD9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75AD9F second address: 75ADB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF849Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75ADB4 second address: 75AE38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 jne 00007F55F92EB396h 0x0000000c pop ecx 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F55F92EB398h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 call 00007F55F92EB39Ch 0x0000002e mov dword ptr [ebp+12451D2Eh], edx 0x00000034 pop edi 0x00000035 xor ebx, 4EBBAEA1h 0x0000003b push dword ptr fs:[00000000h] 0x00000042 mov bx, di 0x00000045 mov dword ptr fs:[00000000h], esp 0x0000004c mov bh, BDh 0x0000004e jmp 00007F55F92EB39Ah 0x00000053 mov eax, dword ptr [ebp+122D125Dh] 0x00000059 push FFFFFFFFh 0x0000005b push eax 0x0000005c ja 00007F55F92EB39Ch 0x00000062 pop edi 0x00000063 nop 0x00000064 push eax 0x00000065 push edx 0x00000066 jns 00007F55F92EB398h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75AE38 second address: 75AE42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F55F8FF8496h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75E35D second address: 75E37A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75AE42 second address: 75AE55 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 75AE55 second address: 75AE5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765AC9 second address: 765ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765ACD second address: 765AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB3A4h 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F55F92EB396h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765AF1 second address: 765AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765DDF second address: 765DE9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F55F92EB3ADh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765DE9 second address: 765E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF84A1h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f pop eax 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F55F8FF84A0h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E1C second address: 765E20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E20 second address: 765E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F8FF849Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 765E30 second address: 765E57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A7h 0x00000007 jo 00007F55F92EB3A2h 0x0000000d jc 00007F55F92EB396h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B2E0 second address: 76B2E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B3DD second address: 76B3E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B3E1 second address: 76B3E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B3E7 second address: 76B3FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F92EB3A2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B3FD second address: 76B468 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F55F8FF849Fh 0x00000014 jng 00007F55F8FF8496h 0x0000001a popad 0x0000001b push edx 0x0000001c jmp 00007F55F8FF84A7h 0x00000021 pop edx 0x00000022 popad 0x00000023 mov eax, dword ptr [esp+04h] 0x00000027 pushad 0x00000028 jmp 00007F55F8FF84A2h 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F55F8FF84A3h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B468 second address: 76B46C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B46C second address: 76B47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jo 00007F55F8FF849Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B47E second address: 76B486 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B58A second address: 76B594 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B594 second address: 76B59E instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F92EB39Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B676 second address: 76B697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F55F8FF8496h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F55F8FF849Ah 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B697 second address: 76B69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 76B69B second address: 76B6A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77111A second address: 77114C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F55F92EB39Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77087A second address: 7708B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 jmp 00007F55F8FF84A7h 0x0000000c jmp 00007F55F8FF84A2h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 push ebx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 770B84 second address: 770B92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F55F92EB396h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 770D20 second address: 770D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 770E9D second address: 770EA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F55F92EB396h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 770EA7 second address: 770EAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77AD19 second address: 77AD1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 705A66 second address: 705A78 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F55F8FF8496h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A60D second address: 77A611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A611 second address: 77A617 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A617 second address: 77A629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F55F92EB39Ah 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77A790 second address: 77A794 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78042C second address: 78043D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F55F92EB39Ah 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77EDB7 second address: 77EDBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F098 second address: 77F0AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F0AA second address: 77F0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F4D1 second address: 77F4D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F4D9 second address: 77F4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F4DD second address: 77F4E7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F92EB396h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F653 second address: 77F657 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F657 second address: 77F6BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB3A7h 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jbe 00007F55F92EB396h 0x00000014 jmp 00007F55F92EB3A7h 0x00000019 jmp 00007F55F92EB3A4h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F55F92EB39Dh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F6BA second address: 77F6BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F6BE second address: 77F6D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F55F92EB39Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F6D6 second address: 77F6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F55F8FF849Ch 0x0000000b jg 00007F55F8FF8496h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F55F8FF8496h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F888 second address: 77F88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F9EC second address: 77F9F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77F9F0 second address: 77FA11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a jno 00007F55F92EB398h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F55F92EB39Bh 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77FA11 second address: 77FA47 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jp 00007F55F8FF8496h 0x0000000f jmp 00007F55F8FF84A6h 0x00000014 pop esi 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F55F8FF849Ch 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77FA47 second address: 77FA4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77FCF6 second address: 77FCFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77FCFC second address: 77FD02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77FE48 second address: 77FE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 727400 second address: 72740A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72740A second address: 727417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jne 00007F55F8FF849Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7802BE second address: 7802CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F55F92EB396h 0x0000000a jo 00007F55F92EB396h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7802CE second address: 7802D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7802D4 second address: 7802EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F55F92EB3A6h 0x0000000e ja 00007F55F92EB39Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 77EAEE second address: 77EAFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F55F8FF8496h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 787852 second address: 787897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB3A6h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F55F92EB3A7h 0x00000011 jmp 00007F55F92EB3A1h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 787897 second address: 78789B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 786745 second address: 78674A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78674A second address: 786765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F55F8FF84A1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DC9B second address: 73DC9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DD3D second address: 73DD42 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DE49 second address: 73DE81 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov dword ptr [esp], esi 0x0000000e mov cx, di 0x00000011 nop 0x00000012 jmp 00007F55F92EB3A2h 0x00000017 push eax 0x00000018 pushad 0x00000019 push ecx 0x0000001a jmp 00007F55F92EB39Ch 0x0000001f pop ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DE81 second address: 73DE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DE85 second address: 73DE89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DF36 second address: 73DF3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DF3A second address: 73DF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a jnc 00007F55F92EB396h 0x00000010 pop edi 0x00000011 ja 00007F55F92EB39Ch 0x00000017 popad 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push edi 0x0000001d jmp 00007F55F92EB3A2h 0x00000022 pop edi 0x00000023 mov eax, dword ptr [eax] 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DF77 second address: 73DF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DF7B second address: 73DF98 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F55F92EB39Dh 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 73DF98 second address: 73DF9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 786D24 second address: 786D2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 787267 second address: 787279 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F8FF849Bh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 787279 second address: 787282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 787282 second address: 787288 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 787288 second address: 78728C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78740E second address: 787418 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 789961 second address: 789967 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 789967 second address: 78996D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78996D second address: 789971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 789971 second address: 789985 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F55F8FF8496h 0x00000008 jo 00007F55F8FF8496h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 789985 second address: 789989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 789989 second address: 78998D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 789ADA second address: 789AE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78C593 second address: 78C5B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007F55F8FF849Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 78C701 second address: 78C705 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7905E0 second address: 7905F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F55F8FF8498h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7905F2 second address: 7905F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7905F8 second address: 7905FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7905FC second address: 790642 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 popad 0x00000012 pushad 0x00000013 jns 00007F55F92EB396h 0x00000019 jmp 00007F55F92EB39Dh 0x0000001e jmp 00007F55F92EB3A1h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 790642 second address: 790648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 790648 second address: 79064C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79064C second address: 790650 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 790C1B second address: 790C1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 790D94 second address: 790D99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 790D99 second address: 790D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 790D9F second address: 790DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7939F9 second address: 7939FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7939FF second address: 793A07 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793B60 second address: 793B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793B64 second address: 793B68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793B68 second address: 793B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 793B6E second address: 793B80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F55F8FF8496h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 79403B second address: 794068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jnc 00007F55F92EB396h 0x00000014 popad 0x00000015 jmp 00007F55F92EB3A8h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 794068 second address: 79407A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F55F8FF849Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 798804 second address: 798818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jne 00007F55F92EB396h 0x0000000c jbe 00007F55F92EB396h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 798968 second address: 798971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 798971 second address: 798975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A0233 second address: 7A0239 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A08C0 second address: 7A08CD instructions: 0x00000000 rdtsc 0x00000002 je 00007F55F92EB398h 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A1118 second address: 7A1120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A1120 second address: 7A1125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A1125 second address: 7A112B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A13DF second address: 7A13E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A13E5 second address: 7A13E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A13E9 second address: 7A13ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A16D2 second address: 7A16D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A16D6 second address: 7A16DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A16DF second address: 7A16E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A16E7 second address: 7A16EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A19AA second address: 7A19C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F55F8FF8496h 0x0000000a pop edi 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007F55F8FF8496h 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A19C2 second address: 7A19F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A2h 0x00000007 jmp 00007F55F92EB3A5h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F55F92EB39Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A1CC7 second address: 7A1CE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F55F8FF8498h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F55F8FF849Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A4F6F second address: 7A4F75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A54A2 second address: 7A54A8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A54A8 second address: 7A54B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A54B1 second address: 7A54DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F55F8FF8496h 0x0000000a jmp 00007F55F8FF84A8h 0x0000000f popad 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A54DA second address: 7A551B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007F55F92EB3ABh 0x0000000f jmp 00007F55F92EB39Bh 0x00000014 je 00007F55F92EB39Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7A5679 second address: 7A569C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edx 0x00000006 jmp 00007F55F8FF84A6h 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7AA0DA second address: 7AA0EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB3A1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B32DE second address: 7B32E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B32E3 second address: 7B32E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B32E9 second address: 7B32ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B12FB second address: 7B1303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B1444 second address: 7B144A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B144A second address: 7B145A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F55F92EB396h 0x00000008 je 00007F55F92EB396h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B145A second address: 7B1470 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF849Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B1470 second address: 7B1474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B1474 second address: 7B147A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B175D second address: 7B1761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B1761 second address: 7B176B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F55F8FF8496h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B18EA second address: 7B18F4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B1A3C second address: 7B1A42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B1B97 second address: 7B1B9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B2031 second address: 7B205A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F55F8FF849Ch 0x0000000e jmp 00007F55F8FF84A2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B205A second address: 7B207C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 jmp 00007F55F92EB3A5h 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B207C second address: 7B2080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B287B second address: 7B287F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B287F second address: 7B2885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B2885 second address: 7B288B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B288B second address: 7B2890 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B57AE second address: 7B57B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B57B2 second address: 7B57CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B9D2B second address: 7B9D2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7B9D2F second address: 7B9D33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C5D4F second address: 7C5D71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 jmp 00007F55F92EB3A7h 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C5D71 second address: 7C5D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C5D77 second address: 7C5D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C5D83 second address: 7C5D9F instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F8FF8496h 0x00000008 jmp 00007F55F8FF849Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C5D9F second address: 7C5DA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C5EFE second address: 7C5F1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F55F8FF84A6h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C914B second address: 7C9175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop esi 0x0000000c jmp 00007F55F92EB3A9h 0x00000011 popad 0x00000012 push edx 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C8FAE second address: 7C8FB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C8FB2 second address: 7C8FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7C8FBC second address: 7C8FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CBDC1 second address: 7CBDCB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F55F92EB396h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CB8B7 second address: 7CB8CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CB8CE second address: 7CB8F8 instructions: 0x00000000 rdtsc 0x00000002 js 00007F55F92EB3A2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F55F92EB39Fh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CB8F8 second address: 7CB913 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CBAAA second address: 7CBAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CBAAE second address: 7CBAB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CBAB4 second address: 7CBABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7CBABA second address: 7CBAC1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D2647 second address: 7D264B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D264B second address: 7D26A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A8h 0x00000007 jmp 00007F55F8FF84A0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007F55F8FF84B4h 0x00000014 jmp 00007F55F8FF84A8h 0x00000019 jng 00007F55F8FF8496h 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D26A0 second address: 7D26A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D26A6 second address: 7D26CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jne 00007F55F8FF8496h 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D26CC second address: 7D26DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jc 00007F55F92EB396h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7D26DA second address: 7D26EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F55F8FF8496h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E178F second address: 7E17A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F55F92EB3A1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E1BEA second address: 7E1C05 instructions: 0x00000000 rdtsc 0x00000002 je 00007F55F8FF849Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jc 00007F55F8FF849Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E1D3D second address: 7E1D57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F55F92EB396h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E1ED2 second address: 7E1EDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E1EDB second address: 7E1EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E2A85 second address: 7E2ABA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F55F8FF84A7h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F55F8FF84A0h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E6755 second address: 7E6766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB39Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E6286 second address: 7E62A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E62A4 second address: 7E62C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F55F92EB39Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E62C4 second address: 7E62CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E6458 second address: 7E6481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F92EB39Bh 0x00000009 pop edi 0x0000000a push edi 0x0000000b jmp 00007F55F92EB3A5h 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7E6481 second address: 7E6491 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF849Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F63C7 second address: 7F63CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7F63CC second address: 7F63D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FAF82 second address: 7FAFB7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F55F92EB3A5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d push esi 0x0000000e jmp 00007F55F92EB3A5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FAFB7 second address: 7FAFC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F55F8FF8496h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FAFC6 second address: 7FAFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FAFCA second address: 7FAFCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FC644 second address: 7FC661 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F55F92EB3A4h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FC661 second address: 7FC66A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7FC66A second address: 7FC69B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F92EB39Dh 0x00000007 jnl 00007F55F92EB396h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F55F92EB3A5h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BE82 second address: 80BE9E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F55F8FF84A7h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BE9E second address: 80BEAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F55F92EB396h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BEAD second address: 80BEC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F55F8FF8496h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BEC0 second address: 80BEC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BEC6 second address: 80BECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 80BECA second address: 80BECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 825793 second address: 8257B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF84A8h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8257B0 second address: 8257D0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F55F92EB3A2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F55F92EB398h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8257D0 second address: 8257E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F8FF849Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8245F8 second address: 82460E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F55F92EB3A1h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 824797 second address: 82479D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82479D second address: 8247A7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F55F92EB396h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82492B second address: 82493A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF849Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82493A second address: 824942 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 824942 second address: 824955 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007F55F8FF8496h 0x00000009 jnc 00007F55F8FF8496h 0x0000000f pop ebx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 824A9C second address: 824AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jns 00007F55F92EB3AEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 824AAB second address: 824AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F55F8FF84A2h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 824F14 second address: 824F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F55F92EB396h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8250B9 second address: 8250BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 825473 second address: 8254A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F55F92EB3A7h 0x00000008 jmp 00007F55F92EB3A3h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8254A4 second address: 8254CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F55F8FF84ACh 0x0000000b jmp 00007F55F8FF84A4h 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8254CC second address: 8254F5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F55F92EB3A9h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F55F92EB396h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8254F5 second address: 8254F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8254F9 second address: 8254FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 829876 second address: 82987C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82987C second address: 829880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82B302 second address: 82B31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F55F8FF84A1h 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50DB8 second address: 4A50DFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 call 00007F55F92EB3A3h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ecx, dword ptr [eax+00000FDCh] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push eax 0x00000018 pop edx 0x00000019 pushfd 0x0000001a jmp 00007F55F92EB39Ch 0x0000001f or cx, 2F98h 0x00000024 jmp 00007F55F92EB39Bh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50DFE second address: 4A50E54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F55F8FF84A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b jmp 00007F55F8FF849Eh 0x00000010 jns 00007F55F8FF850Fh 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F55F8FF849Eh 0x0000001d and ah, 00000058h 0x00000020 jmp 00007F55F8FF849Bh 0x00000025 popfd 0x00000026 push eax 0x00000027 push edx 0x00000028 mov al, 0Fh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50E54 second address: 4A50E65 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add eax, ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c mov ebx, 6CE451CCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4A50E65 second address: 4A50EF9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F55F8FF84A5h 0x00000008 or cx, 52A6h 0x0000000d jmp 00007F55F8FF84A1h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 call 00007F55F8FF84A0h 0x0000001a mov ebx, esi 0x0000001c pop eax 0x0000001d popad 0x0000001e mov eax, dword ptr [eax+00000860h] 0x00000024 pushad 0x00000025 jmp 00007F55F8FF84A6h 0x0000002a popad 0x0000002b test eax, eax 0x0000002d pushad 0x0000002e mov ebx, eax 0x00000030 mov bx, si 0x00000033 popad 0x00000034 je 00007F566996E324h 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d mov bh, 9Fh 0x0000003f pushfd 0x00000040 jmp 00007F55F8FF849Ah 0x00000045 sub cx, 0D08h 0x0000004a jmp 00007F55F8FF849Bh 0x0000004f popfd 0x00000050 popad 0x00000051 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 736D19 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7606F6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 593ADB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7BF6EC instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4648 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1528482040.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1528629793.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1518096285.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1527802392.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWCRf.
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00575BB0 LdrInitializeThunk, 0_2_00575BB0

HIPS / PFW / Operating System Protection Evasion
barindex
LummaC encrypted strings found
Source: file.exe String found in binary or memory: clearancek.site
Source: file.exe String found in binary or memory: licendfilteo.site
Source: file.exe String found in binary or memory: spirittunek.stor
Source: file.exe String found in binary or memory: bathdoomgaz.stor
Source: file.exe String found in binary or memory: studennotediw.stor
Source: file.exe String found in binary or memory: dissapoiznw.stor
Source: file.exe String found in binary or memory: eaglepawnoy.stor
Source: file.exe String found in binary or memory: mobbipenju.stor
Source: file.exe, 00000000.00000002.1528082896.0000000000715000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ]Program Manager
Source: file.exe Binary or memory string: (S]Program Manager
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528485 Sample: file.exe Startdate: 08/10/2024 Architecture: WINDOWS Score: 100 10 sergei-esenin.com 2->10 12 licendfilteo.site 2->12 14 8 other IPs or domains 2->14 20 Suricata IDS alerts for network traffic 2->20 22 Found malware configuration 2->22 24 Antivirus detection for URL or domain 2->24 26 8 other signatures 2->26 6 file.exe 2->6         started        signatures3 process4 dnsIp5 16 sergei-esenin.com 172.67.206.204, 443, 49706 CLOUDFLARENETUS United States 6->16 18 steamcommunity.com 104.102.49.254, 443, 49705 AKAMAI-ASUS United States 6->18 28 Detected unpacking (changes PE section rights) 6->28 30 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->30 32 Tries to evade debugger and weak emulator (self modifying code) 6->32 34 4 other signatures 6->34 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.102.49.254
 steamcommunity.com United States
16625 AKAMAI-ASUS false
172.67.206.204
 sergei-esenin.com United States
13335 CLOUDFLARENETUS true

Contacted Domains

Name IP Active
steamcommunity.com 104.102.49.254 true
sergei-esenin.com 172.67.206.204 true
eaglepawnoy.store unknown unknown
bathdoomgaz.store unknown unknown
spirittunek.store unknown unknown
licendfilteo.site unknown unknown
studennotediw.store unknown unknown
mobbipenju.store unknown unknown
clearancek.site unknown unknown
dissapoiznw.store unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
studennotediw.stor true
    		unknown
    mobbipenju.stor true
      		unknown
      https://steamcommunity.com/profiles/76561199724331900 true
      • URL Reputation: malware
      		 unknown
      bathdoomgaz.stor true
        		unknown
        dissapoiznw.stor true
          		unknown
          spirittunek.stor true
            		unknown
            eaglepawnoy.stor true
              		unknown
              clearancek.site true
                		unknown
                licendfilteo.site true
                  		unknown
                  https://sergei-esenin.com/api true
                    		unknown