Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1530694
MD5: 9ca76584366a4a0a5fc35324672f22af
SHA1: b22c6cd8e976b11e67b548d4df93f8253cf53a20
SHA256: 3289ba8ea3f0dad99f413df7fef1b6d18063978d4ad49f9526347aaa093166b7
Tags: exe, user-Bitsight

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
Source: file.exe.2412.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["mobbipenju.store", "spirittunek.store", "dissapoiznw.store", "licendfilteo.site", "studennotediw.store", "bathdoomgaz.store", "eaglepawnoy.store", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}
Source: sergei-esenin.com Virustotal: Detection: 16%
Source: eaglepawnoy.store Virustotal: Detection: 18%
Source: spirittunek.store Virustotal: Detection: 18%
Source: mobbipenju.store Virustotal: Detection: 17%
Source: bathdoomgaz.store Virustotal: Detection: 17%
Source: clearancek.site Virustotal: Detection: 17%
Source: studennotediw.store Virustotal: Detection: 17%
Source: dissapoiznw.store Virustotal: Detection: 17%
Source: licendfilteo.site Virustotal: Detection: 15%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: clearancek.site
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: licendfilteo.site
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: spirittunek.store
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: studennotediw.store
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: dissapoiznw.store
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: mobbipenju.store
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: Workgroup: -
Source: 00000000.00000002.2099588069.0000000000701000.00000040.00000001.01000000.00000003.sdmp String decryptor: 4SD0y4--legendaryy
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0070D110
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh 0_2_007463B8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00745700
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h 0_2_0074695B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh 0_2_007499D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+04h] 0_2_0070FCA0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-10h] 0_2_00710EEC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h 0_2_00744040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then dec ebx 0_2_0073F030
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+20h] 0_2_00716F91
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, dword ptr [edx] 0_2_00701000
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00746094
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+0Ch] 0_2_0072D1E1
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], dx 0_2_00722260
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [esi], ax 0_2_00722260
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+04h] 0_2_007142FC
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebp, eax 0_2_0070A300
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+30h] 0_2_007323E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_007323E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+14h] 0_2_007323E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+0Ch] 0_2_0072C470
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_0071D457
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx eax, word ptr [esi+ecx] 0_2_00741440
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [esp], 00000000h 0_2_0071B410
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0072E40C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh 0_2_007464B8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+04h] 0_2_00716536
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh 0_2_00747520
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00729510
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h] 0_2_00708590
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0072E66A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_0073B650
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [edi+eax] 0_2_00747710
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+08h] 0_2_007467EF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0072D7AF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], dx 0_2_007228E9
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h 0_2_0071D961
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h 0_2_00743920
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+edi] 0_2_007049A0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+ebx] 0_2_00705A50
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h 0_2_00744A40
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00711A3C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00711ACD
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh 0_2_00749B60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+000006B8h] 0_2_0071DB6F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h 0_2_0071DB6F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+04h] 0_2_00713BE2
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+40h] 0_2_00711BEE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_00730B80
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h 0_2_0072EC48
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh 0_2_0073FC20
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h 0_2_00727C00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00749CE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh 0_2_00749CE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h 0_2_0072CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0072CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h 0_2_0072CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_0072AC91
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [edx], ax 0_2_0072AC91
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [ebp-14h] 0_2_0072DD29
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh 0_2_0072FD10
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00748D8A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00725E70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00727E60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, word ptr [ecx] 0_2_0072AE57
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, ecx 0_2_00714E2A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [ebp+00h] 0_2_0070BEB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp byte ptr [ebx], 00000000h 0_2_00716EBF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [ecx+esi] 0_2_00706EA0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+40h] 0_2_00711E93
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_0073FF70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp eax 0_2_00729F62
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00708FD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then jmp ecx 0_2_00745FD6
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [edx], 0000h 0_2_0071FFDF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h 0_2_00747FC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00747FC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esi+20h] 0_2_00716F91

Networking

Source: Network traffic Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.5:62583 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.5:60511 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.5:58535 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.5:61191 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.5:57161 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.5:63154 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.5:61615 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.5:50479 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49706 -> 104.102.49.254:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49707 -> 172.67.206.204:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49707 -> 172.67.206.204:443
Source: Malware configuration extractor URLs: mobbipenju.store
Source: Malware configuration extractor URLs: spirittunek.store
Source: Malware configuration extractor URLs: dissapoiznw.store
Source: Malware configuration extractor URLs: licendfilteo.site
Source: Malware configuration extractor URLs: studennotediw.store
Source: Malware configuration extractor URLs: bathdoomgaz.store
Source: Malware configuration extractor URLs: eaglepawnoy.store
Source: Malware configuration extractor URLs: clearancek.site
Source: Joe Sandbox View IP Address: 104.102.49.254
Source: Joe Sandbox View IP Address: 172.67.206.204
Source: Joe Sandbox View ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 occurrences)
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=f4e6b54f4f86c8f1989ddb9b; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 10 Oct 2024 10:05:05 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: clearancek.site
Source: global traffic DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic DNS traffic detected: DNS query: studennotediw.store
Source: global traffic DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic DNS traffic detected: DNS query: spirittunek.store
Source: global traffic DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
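Added example (not Joe Sandbox output and not code from the sample): turning the indicators this report exposes into deployable detection content. It parses the Malware Configuration Extractor line from the AV Detection section to recover the eight C2 domains and the build id, emits one Suricata DNS rule per domain in the same shape as the ET alerts listed under Networking, derives an HTTP rule and a Python matcher from the decrypted request-body format "lid=%s&j=%s&ver=4.0" sent in the POST /api above, and checks a file hash against the report's SHA256. The input strings are copied from this report; the rule messages, the local SID range (9000001 upward) and the reliance on Suricata 5+ keywords (dns.query, http.request_body, startswith, endswith) are assumptions of the example.

```python
"""Build detection content from the IOCs shown in this report (added example)."""
import hashlib
import json
import re

# Constructed input: the extractor line, the sample's SHA256 and the decrypted
# request-body format string, all copied from the report above.
CONFIG_LINE = (
    "Source: file.exe.2412.0.memstrmin Malware Configuration Extractor: LummaC "
    '{"C2 url": ["mobbipenju.store", "spirittunek.store", "dissapoiznw.store", '
    '"licendfilteo.site", "studennotediw.store", "bathdoomgaz.store", '
    '"eaglepawnoy.store", "clearancek.site"], "Build id": "4SD0y4--legendaryy"}'
)
REPORT_SHA256 = "3289ba8ea3f0dad99f413df7fef1b6d18063978d4ad49f9526347aaa093166b7"
BEACON_FORMAT = "lid=%s&j=%s&ver=4.0"  # decrypted string from the report


def parse_config(line: str) -> dict:
    """Extract the C2 list and build id from a 'Malware Configuration Extractor' line.

    The JSON object starts at the first '{'; everything before it is the
    report's source prefix.
    """
    cfg = json.loads(line[line.index("{"):])
    return {"c2": list(cfg["C2 url"]), "build_id": cfg["Build id"]}


def dns_rules(domains, base_sid: int = 9000001) -> list:
    """One Suricata rule per C2 domain, shaped like the ET alerts in the report.

    dns.query is a sticky buffer (Suricata 5+); endswith also catches
    subdomains of the C2 host. SIDs from 9000001 upward are assumed to be
    free for local rules so they never collide with ET's.
    """
    return [
        "alert dns $HOME_NET any -> any any "
        f'(msg:"LOCAL LummaC CnC domain in DNS lookup ({d})"; dns.query; '
        f'content:"{d}"; nocase; endswith; sid:{base_sid + i}; rev:1;)'
        for i, d in enumerate(domains)
    ]


def beacon_rule(sid: int = 9000100) -> str:
    """HTTP rule keyed on the POST /api body format from the decrypted strings.

    The printf placeholders are unknown at rule-writing time, so only the fixed
    prefix and suffix of the body are matched (startswith/endswith, Suricata 5+).
    """
    parts = BEACON_FORMAT.split("%s")
    prefix, suffix = parts[0], parts[-1]
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any "
        '(msg:"LOCAL LummaC CnC check-in body"; flow:established,to_server; '
        'http.method; content:"POST"; http.uri; content:"/api"; '
        f'http.request_body; content:"{prefix}"; startswith; '
        f'content:"{suffix}"; endswith; sid:{sid}; rev:1;)'
    )


# Each %s becomes one non-empty run of characters up to the next '&'.
_BEACON_RE = re.compile(
    "^" + r"[^&]+".join(re.escape(p) for p in BEACON_FORMAT.split("%s")) + "$"
)


def is_lumma_beacon(body: str) -> bool:
    """True if a captured form body matches lid=<x>&j=<y>&ver=4.0 exactly."""
    return _BEACON_RE.match(body) is not None


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_matches(data: bytes, expected: str = REPORT_SHA256) -> bool:
    """Compare a file's SHA256 with the report's, for triage of suspected copies."""
    return sha256_hex(data) == expected.lower()


def build_ruleset(config_line: str = CONFIG_LINE) -> list:
    """Eight DNS rules plus the HTTP body rule."""
    cfg = parse_config(config_line)
    return dns_rules(cfg["c2"]) + [beacon_rule()]


if __name__ == "__main__":
    for rule in build_ruleset():
        print(rule)
```

Running the module prints the nine rules. Do not turn the two IPs in this report into blocking rules on their own: 104.102.49.254 (AKAMAI-ASUS, serving steamcommunity.com) and 172.67.206.204 (CLOUDFLARENETUS) are shared infrastructure and would generate false positives; the domain, body format and hash are the stable indicators here.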
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb
Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akam
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akam=S
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akama0Q
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/pu
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/puQ
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/p
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=engli
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascri
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=Gu9gs5hf
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=M7aU
Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isF
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDq
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_com
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=IZH_ONwLX4kw&l=e
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_s
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=
Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2081775776.000000000132E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100358321.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000002.2100236403.000000000132E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api3
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100358321.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081999136.0000000001383000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api;
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000002.2100236403.0000000001343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/Q
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/h
Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wish
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2100236403.0000000001343000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081775776.0000000001343000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steam
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowe
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampower
Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/ne
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013B6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100399719.00000000013BA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://studennotediw.store/apiS
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2072046452.0000000001383000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081357113.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082091302.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072114175.00000000013BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.206.204:443 -> 192.168.2.5:49707 version: TLS 1.2

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00710228 0_2_00710228
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00744040 0_2_00744040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00712030 0_2_00712030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 0_2_007DD034
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00701000 0_2_00701000
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0074A0D0 0_2_0074A0D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00705160 0_2_00705160
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E410E 0_2_008E410E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007071F0 0_2_007071F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008DB105 0_2_008DB105
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070E1A0 0_2_0070E1A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007012F7 0_2_007012F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007382D0 0_2_007382D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007312D0 0_2_007312D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070A300 0_2_0070A300
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007323E0 0_2_007323E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070B3A0 0_2_0070B3A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007013A3 0_2_007013A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0072C470 0_2_0072C470
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F6408 0_2_007F6408
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007364F0 0_2_007364F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E546C 0_2_008E546C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0071049B 0_2_0071049B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00714487 0_2_00714487
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0071C5F0 0_2_0071C5F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007035B0 0_2_007035B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00864549 0_2_00864549
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00708590 0_2_00708590
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00748652 0_2_00748652
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070164F 0_2_0070164F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073F620 0_2_0073F620
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007486F0 0_2_007486F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D9670 0_2_008D9670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00731860 0_2_00731860
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070A850 0_2_0070A850
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073B8C0 0_2_0073B8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0073E8A0 0_2_0073E8A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007489A0 0_2_007489A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E0954 0_2_008E0954
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0072098B 0_2_0072098B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00744A40 0_2_00744A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00747AB0 0_2_00747AB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00748A80 0_2_00748A80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0071DB6F 0_2_0071DB6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00707BF0 0_2_00707BF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E8B1C 0_2_008E8B1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00748C02 0_2_00748C02
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0072CCD0 0_2_0072CCD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008DCC46 0_2_008DCC46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00746CBF 0_2_00746CBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007A6CA6 0_2_007A6CA6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00865C66 0_2_00865C66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00728D62 0_2_00728D62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0072DD29 0_2_0072DD29
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0072FD10 0_2_0072FD10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00748E70 0_2_00748E70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0072AE57 0_2_0072AE57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00714E2A 0_2_00714E2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911E12 0_2_00911E12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070BEB0 0_2_0070BEB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00716EBF 0_2_00716EBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079FF22 0_2_0079FF22
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0070AF10 0_2_0070AF10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00708FD0 0_2_00708FD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00747FC0 0_2_00747FC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007F4F99 0_2_007F4F99
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0070CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0071D300 appears 152 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9994972153465347
Source: file.exe Static PE information: Section: bkzyowgo ZLIB complexity 0.9946315081039077
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00738220 CoCreateInstance, 0_2_00738220
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll (loaded again 6 times at this point in the trace; repeated entries collapsed)
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: file.exe Static file information: File size 1900032 > 1048576
Source: file.exe Static PE information: Raw size of bkzyowgo is bigger than: 0x100000 < 0x1a6400

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.700000.0.unpack :EW;.rsrc :W;.idata :W; :EW;bkzyowgo:EW;deoenquv:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;bkzyowgo:EW;deoenquv:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1d560f should be: 0x1d7787
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: bkzyowgo
Source: file.exe Static PE information: section name: deoenquv
Source: file.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911088 push ecx; mov dword ptr [esp], ebx 0_2_009110BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00911088 push 1113BB34h; mov dword ptr [esp], eax 0_2_009110E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push ebx; mov dword ptr [esp], edx 0_2_007DD0FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push esi; mov dword ptr [esp], eax 0_2_007DD10E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push edx; mov dword ptr [esp], edi 0_2_007DD114
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push 61F420E0h; mov dword ptr [esp], esp 0_2_007DD17C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push 41627580h; mov dword ptr [esp], eax 0_2_007DD1CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push edx; mov dword ptr [esp], edi 0_2_007DD26A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push 24DCB739h; mov dword ptr [esp], edi 0_2_007DD285
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push edi; mov dword ptr [esp], 7E7E19CDh 0_2_007DD289
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_007DD034 push 795B245Bh; mov dword ptr [esp], eax 0_2_007DD305
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009D30C1 push ebp; mov dword ptr [esp], 40B7DF80h 0_2_009D3267
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009DB05C push 01AAD1A4h; mov dword ptr [esp], edi 0_2_009DB065
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009DB05C push edi; mov dword ptr [esp], ebp 0_2_009DB869
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0096905A push esi; mov dword ptr [esp], edx 0_2_009690BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094E069 push ecx; mov dword ptr [esp], 2DDCC1C5h 0_2_0094E07A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094E069 push ecx; mov dword ptr [esp], eax 0_2_0094E0AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094E069 push edi; mov dword ptr [esp], ebx 0_2_0094E168
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079C172 push 251335ECh; mov dword ptr [esp], eax 0_2_0079C1DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079C172 push 354EE8CDh; mov dword ptr [esp], eax 0_2_0079C222
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0079C172 push edx; mov dword ptr [esp], 421358E1h 0_2_0079C24B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009651AD push 51689985h; mov dword ptr [esp], ecx 0_2_009651D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009861D9 push eax; mov dword ptr [esp], edx 0_2_00986591
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009861D9 push 064BFE0Ah; mov dword ptr [esp], ebp 0_2_0098659B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC41D3 push ebx; mov dword ptr [esp], eax 0_2_00BC4225
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008FC1F0 push eax; mov dword ptr [esp], edi 0_2_008FDFDC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E410E push ebx; mov dword ptr [esp], 223B8900h 0_2_008E416B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E410E push ecx; mov dword ptr [esp], 5B932B78h 0_2_008E41A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E410E push ebx; mov dword ptr [esp], 09BD64B0h 0_2_008E41F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E410E push edx; mov dword ptr [esp], esp 0_2_008E4205
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E410E push edx; mov dword ptr [esp], ebp 0_2_008E4260
Source: file.exe Static PE information: section name: entropy: 7.97935522499184
Source: file.exe Static PE information: section name: bkzyowgo entropy: 7.954782585789858
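The static packing indicators listed in this section (section entropy close to 8, ZLIB complexity close to 1, section names that are empty, unprintable or non-standard, and a PE checksum that does not match the header) can all be recomputed offline from raw bytes. The Python below is an added example written for this page, not code from the sandbox vendor or from the sample. Its input is constructed: deterministic pseudo-random bytes stand in for a packed section such as bkzyowgo, and a repeated copy of the "Cannot find '%s'" string found in the binary stands in for plain data. Two assumptions are made explicit in the comments: "ZLIB complexity" is taken to mean compressed size divided by raw size, and the packed/not-packed thresholds are a triage heuristic of my own, not a vendor rule. The checksum routine is the IMAGE_OPTIONAL_HEADER CheckSum algorithm applied to a whole file image; the caller passes the file offset of the 4-byte field.

```python
import math
import random
import struct
import zlib

# Constructed sample data (not taken from file.exe): deterministic pseudo-random
# bytes stand in for a packed/encrypted section such as bkzyowgo, and a repeated
# copy of the error string found in the binary stands in for plain data.
_rng = random.Random(1530694)  # seed is arbitrary; it only makes the run reproducible
PACKED_SECTION = bytes(_rng.getrandbits(8) for _ in range(64 * 1024))
PLAIN_SECTION = b"Cannot find '%s'. Please, re-install this application\x00" * 1200

# Names a linker emits by default; anything else is "non-standard" for triage purposes.
STANDARD_SECTION_NAMES = {
    b".text", b".data", b".rdata", b".idata", b".edata", b".rsrc", b".reloc",
    b".bss", b".tls", b".pdata", b".CRT", b".sxdata", b".debug", b".xdata",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def zlib_complexity(data: bytes) -> float:
    """compressed size / raw size (assumed to be what the report's 'ZLIB complexity'
    measures). Packed or encrypted data does not compress, so the ratio sits near 1."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def section_name_flags(name: bytes) -> list:
    """Flags for an 8-byte IMAGE_SECTION_HEADER.Name as stored in the file."""
    name = name.rstrip(b"\x00")
    flags = []
    if not name:
        flags.append("empty-name")
    if any(b < 0x20 or b > 0x7E for b in name):
        flags.append("non-printable-chars")   # renders as a blank name in reports
    if name and name not in STANDARD_SECTION_NAMES:
        flags.append("non-standard-name")
    return flags


def triage_section(name: bytes, data: bytes) -> dict:
    """Per-section summary; 'likely_packed' uses a heuristic threshold (assumption)."""
    ent = shannon_entropy(data)
    zc = zlib_complexity(data)
    return {
        "name": name.rstrip(b"\x00").decode("latin-1"),
        "entropy": round(ent, 3),
        "zlib_complexity": round(zc, 4),
        "name_flags": section_name_flags(name),
        "likely_packed": ent > 7.5 and zc > 0.95,
    }


def pe_checksum(image: bytes, checksum_field_offset: int) -> int:
    """IMAGE_OPTIONAL_HEADER.CheckSum over a whole file image: 16-bit ones'
    complement sum of every word except the CheckSum field itself, plus the
    file length. The caller supplies the file offset of the 4-byte field."""
    total = 0
    n = len(image)
    for off in range(0, n - (n % 2), 2):
        if checksum_field_offset <= off < checksum_field_offset + 4:
            continue
        total += struct.unpack_from("<H", image, off)[0]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    if n % 2:                                       # odd trailing byte
        total += image[-1]
        total = (total & 0xFFFF) + (total >> 16)
    return (total + n) & 0xFFFFFFFF


if __name__ == "__main__":
    for name, data in ((b"bkzyowgo", PACKED_SECTION),
                       (b".rsrc", PLAIN_SECTION),
                       (b"\x00\x00\x00", PLAIN_SECTION)):
        print(triage_section(name, data))
    # 12-byte toy image with dwords 1, 2, 3 and the CheckSum field at offset 4:
    # words 1 + 3 = 4, plus length 12 -> 16
    print(hex(pe_checksum(bytes.fromhex("010000000200000003000000"), 4)))
```

To run this against file.exe itself rather than the constructed buffers, load it with pefile and feed each section's `Name` and `get_data()` to `triage_section`; `pe_checksum` over the whole file, with the offset of `OPTIONAL_HEADER.CheckSum`, should agree with pefile's `generate_checksum()` and can be compared with the stored value the report flags as 0x1d560f versus the expected 0x1d7787.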

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8ED9D2 second address: 8ED9E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F71106F0266h 0x0000000a jmp 00007F71106F026Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8DE34A second address: 8DE358 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F711103FB36h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F0132 second address: 8F01B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pop eax 0x00000007 jmp 00007F71106F0275h 0x0000000c push 00000003h 0x0000000e mov cx, E9E7h 0x00000012 push 00000000h 0x00000014 sub dword ptr [ebp+122D2E85h], esi 0x0000001a push 00000003h 0x0000001c sub dword ptr [ebp+122D1857h], eax 0x00000022 push 9F6D0F20h 0x00000027 jp 00007F71106F0276h 0x0000002d jmp 00007F71106F0270h 0x00000032 xor dword ptr [esp], 5F6D0F20h 0x00000039 sub dword ptr [ebp+122D1E71h], eax 0x0000003f lea ebx, dword ptr [ebp+1245FF90h] 0x00000045 push 00000000h 0x00000047 push esi 0x00000048 call 00007F71106F0268h 0x0000004d pop esi 0x0000004e mov dword ptr [esp+04h], esi 0x00000052 add dword ptr [esp+04h], 00000014h 0x0000005a inc esi 0x0000005b push esi 0x0000005c ret 0x0000005d pop esi 0x0000005e ret 0x0000005f xchg eax, ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 jnp 00007F71106F0266h 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F01B9 second address: 8F01C3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F022D second address: 8F0247 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F0247 second address: 8F0251 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F711103FB3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F0251 second address: 8F02ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 3A50ED44h 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F71106F0268h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 mov edx, 6EC451EDh 0x0000002c push 00000003h 0x0000002e mov cl, 3Bh 0x00000030 push 00000000h 0x00000032 and edx, dword ptr [ebp+122D2AECh] 0x00000038 push 00000003h 0x0000003a mov dword ptr [ebp+122D1BD4h], edi 0x00000040 push C79E2E80h 0x00000045 pushad 0x00000046 pushad 0x00000047 push esi 0x00000048 pop esi 0x00000049 push eax 0x0000004a pop eax 0x0000004b popad 0x0000004c push esi 0x0000004d push ecx 0x0000004e pop ecx 0x0000004f pop esi 0x00000050 popad 0x00000051 xor dword ptr [esp], 079E2E80h 0x00000058 jl 00007F71106F026Bh 0x0000005e jc 00007F71106F0276h 0x00000064 jmp 00007F71106F0270h 0x00000069 lea ebx, dword ptr [ebp+1245FF99h] 0x0000006f mov dword ptr [ebp+122D1BD4h], esi 0x00000075 xchg eax, ebx 0x00000076 push eax 0x00000077 push edx 0x00000078 jg 00007F71106F026Ch 0x0000007e jbe 00007F71106F0266h 0x00000084 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F03BD second address: 8F03C3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F03C3 second address: 8F03C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F03C9 second address: 8F03CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F03CD second address: 8F047D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edi 0x0000000f nop 0x00000010 mov dword ptr [ebp+122D2E59h], ecx 0x00000016 push 00000000h 0x00000018 and ecx, dword ptr [ebp+122D2BC4h] 0x0000001e push 689B03D5h 0x00000023 jmp 00007F71106F0272h 0x00000028 xor dword ptr [esp], 689B0355h 0x0000002f pushad 0x00000030 jmp 00007F71106F0276h 0x00000035 mov edx, esi 0x00000037 popad 0x00000038 push 00000003h 0x0000003a mov dword ptr [ebp+122D1BD4h], edx 0x00000040 push 00000000h 0x00000042 mov dword ptr [ebp+122D22CFh], ecx 0x00000048 push 00000003h 0x0000004a mov ecx, dword ptr [ebp+122D29ECh] 0x00000050 call 00007F71106F0269h 0x00000055 jmp 00007F71106F0272h 0x0000005a push eax 0x0000005b jg 00007F71106F0278h 0x00000061 mov eax, dword ptr [esp+04h] 0x00000065 push eax 0x00000066 push edx 0x00000067 push eax 0x00000068 push edx 0x00000069 jnp 00007F71106F0266h 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F047D second address: 8F0483 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F0483 second address: 8F04A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0272h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jnl 00007F71106F0266h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8F04A5 second address: 8F0501 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jmp 00007F711103FB45h 0x00000012 pop eax 0x00000013 add esi, dword ptr [ebp+122D293Ch] 0x00000019 lea ebx, dword ptr [ebp+1245FFA4h] 0x0000001f push ecx 0x00000020 mov edi, dword ptr [ebp+122D2A58h] 0x00000026 pop edi 0x00000027 xchg eax, ebx 0x00000028 push eax 0x00000029 jmp 00007F711103FB45h 0x0000002e pop eax 0x0000002f push eax 0x00000030 push ebx 0x00000031 push ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 902BD8 second address: 902C0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0275h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jmp 00007F71106F0278h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 911970 second address: 911974 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 911974 second address: 91197A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91197A second address: 911982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 911982 second address: 911986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E4F75 second address: 8E4F86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E4F86 second address: 8E4FA0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F71106F0275h 0x00000008 jmp 00007F71106F026Fh 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90F82B second address: 90F82F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90F82F second address: 90F843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F71106F0266h 0x0000000e je 00007F71106F0266h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90F843 second address: 90F865 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F711103FB44h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90F865 second address: 90F86B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FA1D second address: 90FA46 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F711103FB49h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F711103FB3Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FB7F second address: 90FBA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F71106F0266h 0x0000000d ja 00007F71106F0266h 0x00000013 push edx 0x00000014 pop edx 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 push esi 0x00000019 ja 00007F71106F0266h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FBA0 second address: 90FBC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007F711103FB44h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F711103FB3Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FBC8 second address: 90FBD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 jbe 00007F71106F026Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FCEE second address: 90FD06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FD06 second address: 90FD0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FD0A second address: 90FD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 90FE7E second address: 90FE86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91055D second address: 9105A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F711103FB3Fh 0x00000008 jmp 00007F711103FB3Ch 0x0000000d pop edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jc 00007F711103FB38h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F711103FB49h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 910719 second address: 910735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007F71106F026Ch 0x0000000d je 00007F71106F0266h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 910735 second address: 91073A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91073A second address: 910744 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91089C second address: 9108A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9109EA second address: 9109EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9109EE second address: 9109F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9109F4 second address: 910A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 911269 second address: 911282 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB41h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 911282 second address: 911296 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0270h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155A9 second address: 9155AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155AD second address: 9155B3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155B3 second address: 9155B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155B9 second address: 9155BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155BD second address: 9155CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155CB second address: 9155D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9155D2 second address: 9155D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 916689 second address: 916699 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F026Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 916699 second address: 9166C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jnl 00007F711103FB45h 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007F711103FB36h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9166C4 second address: 9166DD instructions: 0x00000000 rdtsc 0x00000002 je 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 je 00007F71106F0266h 0x00000018 pop edi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91C4CD second address: 91C4DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F711103FB36h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91C4DA second address: 91C4F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F71106F0272h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91C4F8 second address: 91C4FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91B90D second address: 91B949 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnp 00007F71106F0266h 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 push ebx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ebx 0x00000017 jo 00007F71106F026Eh 0x0000001d jp 00007F71106F0266h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a push edx 0x0000002b pop edx 0x0000002c je 00007F71106F0266h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91B949 second address: 91B973 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB48h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F711103FB3Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91B973 second address: 91B978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91B978 second address: 91B980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91BAF0 second address: 91BB04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0270h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91BB04 second address: 91BB32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB42h 0x00000007 jmp 00007F711103FB3Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007F711103FB55h 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91BD9A second address: 91BDA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91C041 second address: 91C047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91C372 second address: 91C376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D7C5 second address: 91D7CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D7CE second address: 91D7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D7D2 second address: 91D7D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D884 second address: 91D8A2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F71106F026Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 jp 00007F71106F0266h 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D8A2 second address: 91D8AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F711103FB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D8AC second address: 91D8C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jnp 00007F71106F0266h 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D8C9 second address: 91D8E2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F711103FB3Ch 0x00000008 jng 00007F711103FB36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91D8E2 second address: 91D8E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91DB67 second address: 91DB71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F711103FB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91E516 second address: 91E538 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0274h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91EAC4 second address: 91EAD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91EAD1 second address: 91EAD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91EAD5 second address: 91EADF instructions: 0x00000000 rdtsc 0x00000002 jno 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 91F029 second address: 91F08C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jmp 00007F71106F0279h 0x0000000d nop 0x0000000e mov dword ptr [ebp+122D1BB8h], eax 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F71106F0268h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 00000014h 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 jmp 00007F71106F0270h 0x00000037 xchg eax, ebx 0x00000038 push ebx 0x00000039 pushad 0x0000003a jbe 00007F71106F0266h 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9215CC second address: 9215D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 924269 second address: 92427E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 927246 second address: 92724A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9277C9 second address: 927838 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b js 00007F71106F0266h 0x00000011 pop ecx 0x00000012 popad 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F71106F0268h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000014h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e mov ebx, dword ptr [ebp+122D1976h] 0x00000034 mov dword ptr [ebp+124616D0h], esi 0x0000003a push 00000000h 0x0000003c mov ebx, dword ptr [ebp+122D28F0h] 0x00000042 push 00000000h 0x00000044 je 00007F71106F0266h 0x0000004a xchg eax, esi 0x0000004b jmp 00007F71106F0278h 0x00000050 push eax 0x00000051 push esi 0x00000052 jng 00007F71106F026Ch 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 929734 second address: 929738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 929738 second address: 92977D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F71106F0266h 0x00000008 jmp 00007F71106F026Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 jmp 00007F71106F0278h 0x00000015 ja 00007F71106F0266h 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jnl 00007F71106F0266h 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92977D second address: 929789 instructions: 0x00000000 rdtsc 0x00000002 je 00007F711103FB36h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 929789 second address: 92978F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92978F second address: 929795 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 929795 second address: 929799 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 929799 second address: 92979F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92AC8E second address: 92ACC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F71106F026Ch 0x0000000a popad 0x0000000b nop 0x0000000c sub ebx, 44763903h 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+122D17F2h], ecx 0x0000001a push 00000000h 0x0000001c mov bx, cx 0x0000001f xchg eax, esi 0x00000020 push ebx 0x00000021 pushad 0x00000022 jmp 00007F71106F026Dh 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 929F0B second address: 929F13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92ACC5 second address: 92ACD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F71106F0266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92D2D6 second address: 92D34A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB49h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F711103FB38h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 and di, 4876h 0x0000002b push 00000000h 0x0000002d jmp 00007F711103FB3Ch 0x00000032 push 00000000h 0x00000034 mov bx, si 0x00000037 xchg eax, esi 0x00000038 push ecx 0x00000039 jg 00007F711103FB42h 0x0000003f pop ecx 0x00000040 push eax 0x00000041 push edi 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92D34A second address: 92D34E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92E1FF second address: 92E203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92E203 second address: 92E248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a sub dword ptr [ebp+122D389Ch], ecx 0x00000010 mov bx, dx 0x00000013 push 00000000h 0x00000015 xor dword ptr [ebp+1248325Fh], ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F71106F0268h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d pop edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92E248 second address: 92E252 instructions: 0x00000000 rdtsc 0x00000002 js 00007F711103FB3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92F481 second address: 92F487 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9311E9 second address: 931208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F711103FB43h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 931208 second address: 93120C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93120C second address: 931260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov ebx, dword ptr [ebp+122D1D17h] 0x0000000e push 00000000h 0x00000010 adc bh, 00000020h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F711103FB38h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000015h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov ebx, 59A44051h 0x00000034 push eax 0x00000035 pushad 0x00000036 jmp 00007F711103FB48h 0x0000003b push ebx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 932343 second address: 9323DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push edx 0x0000000b mov edi, dword ptr [ebp+122D1A34h] 0x00000011 pop ebx 0x00000012 movzx edi, si 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F71106F0268h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov edi, 335A3AE4h 0x00000036 sub bx, 0AE1h 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007F71106F0268h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 00000014h 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 jno 00007F71106F026Fh 0x0000005d mov edi, dword ptr [ebp+122D1C2Ch] 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jo 00007F71106F026Ch 0x0000006c jns 00007F71106F0266h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9323DA second address: 9323E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 933474 second address: 93347A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93347A second address: 933499 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F711103FB3Ch 0x00000014 jnl 00007F711103FB36h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 933499 second address: 93350D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F026Bh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e or ebx, 389D8991h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007F71106F0268h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 pushad 0x00000031 mov bx, A849h 0x00000035 mov ecx, dword ptr [ebp+122D1DE8h] 0x0000003b popad 0x0000003c push 00000000h 0x0000003e jc 00007F71106F0283h 0x00000044 call 00007F71106F0276h 0x00000049 sub ebx, 5267E321h 0x0000004f pop edi 0x00000050 xchg eax, esi 0x00000051 jnc 00007F71106F0270h 0x00000057 push eax 0x00000058 push edx 0x00000059 push esi 0x0000005a pop esi 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 935187 second address: 93518B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93518B second address: 935198 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 933614 second address: 93368A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a jnp 00007F711103FB36h 0x00000010 pop eax 0x00000011 pop eax 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F711103FB38h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 0000001Ah 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d pushad 0x0000002e movsx edi, cx 0x00000031 popad 0x00000032 push dword ptr fs:[00000000h] 0x00000039 mov di, ax 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 mov bh, ch 0x00000045 mov eax, dword ptr [ebp+122D06ADh] 0x0000004b pushad 0x0000004c sub esi, dword ptr [ebp+122D2A00h] 0x00000052 mov edi, ecx 0x00000054 popad 0x00000055 push FFFFFFFFh 0x00000057 add edi, 31B9F708h 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jg 00007F711103FB36h 0x00000067 je 00007F711103FB36h 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93458E second address: 9345A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93819B second address: 93819F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9372F2 second address: 937313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 937313 second address: 937318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93921A second address: 93921E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9392AE second address: 9392C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB40h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9392C2 second address: 9392CC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F71106F026Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 93BEA0 second address: 93BEAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 je 00007F711103FB36h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E17E6 second address: 8E17F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F71106F0266h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E17F4 second address: 8E181B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F711103FB48h 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E181B second address: 8E1830 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0271h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9465BD second address: 9465C7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94D924 second address: 94D928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94D928 second address: 94D957 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB41h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F711103FB42h 0x00000011 ja 00007F711103FB36h 0x00000017 jbe 00007F711103FB36h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94D957 second address: 94D95D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E41D second address: 94E421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E55E second address: 94E582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F71106F0266h 0x0000000d jmp 00007F71106F0277h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E84F second address: 94E853 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E853 second address: 94E86A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F71106F0266h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E86A second address: 94E86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E86E second address: 94E8A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0278h 0x00000007 jng 00007F71106F0266h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jmp 00007F71106F026Eh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E8A2 second address: 94E8A8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94E8A8 second address: 94E8C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71106F0278h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94EA18 second address: 94EA33 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB47h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94EA33 second address: 94EA47 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F71106F026Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c jg 00007F71106F0272h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94EA47 second address: 94EA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94EA4D second address: 94EA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F71106F026Ch 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 pushad 0x00000014 jns 00007F71106F0266h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94EA70 second address: 94EA87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F711103FB40h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 94EA87 second address: 94EA99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F026Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 951F7E second address: 951FAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB47h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F711103FB3Dh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8DAC36 second address: 8DAC46 instructions: 0x00000000 rdtsc 0x00000002 js 00007F71106F0272h 0x00000008 jo 00007F71106F0266h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 957A17 second address: 957A21 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F711103FB36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 957A21 second address: 957A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F71106F0271h 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 957A40 second address: 957A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 957A44 second address: 957A4E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 957A4E second address: 957A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8DFD21 second address: 8DFD2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8DFD2C second address: 8DFD3E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F711103FB3Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9564BC second address: 9564C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9564C0 second address: 9564C6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9564C6 second address: 9564CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9564CC second address: 9564D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9564D2 second address: 9564D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95692E second address: 956932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956932 second address: 95694E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F71106F0271h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956D1A second address: 956D36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB48h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956D36 second address: 956D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956D3C second address: 956D46 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F711103FB42h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956D46 second address: 956D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956EAC second address: 956EB1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956EB1 second address: 956EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956EB7 second address: 956EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956EC4 second address: 956EC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 956EC8 second address: 956EF3 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F711103FB43h 0x00000010 jnc 00007F711103FB36h 0x00000016 jne 00007F711103FB36h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9069E5 second address: 9069EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F71106F0266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9069EF second address: 9069F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9069F5 second address: 9069FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9069FB second address: 906A01 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 906A01 second address: 906A1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F71106F026Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 906A1C second address: 906A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F711103FB41h 0x0000000c jmp 00007F711103FB3Ah 0x00000011 jo 00007F711103FB3Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E3386 second address: 8E338A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 8E338A second address: 8E338E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95D747 second address: 95D74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95D74B second address: 95D782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB3Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007F711103FB51h 0x00000011 ja 00007F711103FB36h 0x00000017 jmp 00007F711103FB45h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95D782 second address: 95D793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F71106F0266h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95D793 second address: 95D797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C62F second address: 95C633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C633 second address: 95C655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C655 second address: 95C65F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71106F0272h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C65F second address: 95C686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F711103FB36h 0x0000000a jmp 00007F711103FB44h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C686 second address: 95C69E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jnc 00007F71106F0266h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C69E second address: 95C6A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C9B0 second address: 95C9BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95C9BA second address: 95C9BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95CB34 second address: 95CB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F71106F0274h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95BFA2 second address: 95BFB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB41h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95CFBE second address: 95CFC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95D438 second address: 95D446 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 95D446 second address: 95D44A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 961924 second address: 96192E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F711103FB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925392 second address: 9253A0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9253A0 second address: 9253B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9253B3 second address: 9253C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F71106F0271h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9253C8 second address: 92540B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push ecx 0x0000000e mov edx, dword ptr [ebp+122D3887h] 0x00000014 pop edi 0x00000015 lea eax, dword ptr [ebp+12495126h] 0x0000001b jmp 00007F711103FB3Eh 0x00000020 nop 0x00000021 push ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F711103FB46h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9254E2 second address: 9254E8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92585D second address: 925863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925863 second address: 925869 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 92598E second address: 925994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925994 second address: 925998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925998 second address: 763A71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jmp 00007F711103FB3Ch 0x0000000e push dword ptr [ebp+122D0F3Dh] 0x00000014 sub ecx, dword ptr [ebp+122D2C34h] 0x0000001a call dword ptr [ebp+122D20A8h] 0x00000020 pushad 0x00000021 jmp 00007F711103FB3Ah 0x00000026 jc 00007F711103FB55h 0x0000002c jg 00007F711103FB4Fh 0x00000032 xor eax, eax 0x00000034 cmc 0x00000035 mov edx, dword ptr [esp+28h] 0x00000039 cmc 0x0000003a mov dword ptr [ebp+122D2BC8h], eax 0x00000040 jmp 00007F711103FB3Bh 0x00000045 mov esi, 0000003Ch 0x0000004a jnp 00007F711103FB44h 0x00000050 pushad 0x00000051 mov eax, dword ptr [ebp+122D2C0Ch] 0x00000057 or dword ptr [ebp+122D1A09h], edx 0x0000005d popad 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 mov dword ptr [ebp+122D1BDDh], edx 0x00000068 lodsw 0x0000006a jmp 00007F711103FB41h 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 mov dword ptr [ebp+122D1BDDh], esi 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d xor dword ptr [ebp+122D1BF6h], edx 0x00000083 push eax 0x00000084 jg 00007F711103FB42h 0x0000008a jns 00007F711103FB3Ch 0x00000090 push eax 0x00000091 push edx 0x00000092 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9259E4 second address: 9259E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925B28 second address: 925B32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F711103FB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925B32 second address: 925B56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnp 00007F71106F0270h 0x0000000f xchg eax, esi 0x00000010 nop 0x00000011 push esi 0x00000012 jo 00007F71106F026Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925B56 second address: 925B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jmp 00007F711103FB3Bh 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925E78 second address: 925EE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F71106F0268h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 xor dx, B6A8h 0x0000002a push 00000004h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F71106F0268h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 mov edi, dword ptr [ebp+122D2A68h] 0x0000004c jg 00007F71106F0271h 0x00000052 nop 0x00000053 push eax 0x00000054 push edx 0x00000055 push esi 0x00000056 jng 00007F71106F0266h 0x0000005c pop esi 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925EE5 second address: 925EEA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9263E6 second address: 9263EC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 961BF3 second address: 961C19 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F711103FB47h 0x0000000b pushad 0x0000000c jno 00007F711103FB36h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 925B45 second address: 925B56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xchg eax, esi 0x00000007 nop 0x00000008 push esi 0x00000009 jo 00007F71106F026Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9621C2 second address: 9621EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB48h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F711103FB3Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 962613 second address: 962617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 962617 second address: 96262E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jo 00007F711103FB36h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96587B second address: 965885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F71106F0266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 965885 second address: 96589F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Dh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96589F second address: 9658A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9658A5 second address: 9658AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96925B second address: 969272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0272h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 969272 second address: 969299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F711103FB3Eh 0x00000009 jmp 00007F711103FB45h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 969299 second address: 9692CE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F71106F0266h 0x00000008 jp 00007F71106F0266h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F71106F0273h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c jmp 00007F71106F026Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9692CE second address: 9692E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB44h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9692E6 second address: 9692F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jno 00007F71106F0266h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96E924 second address: 96E950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F711103FB48h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96E950 second address: 96E960 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F71106F026Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96E960 second address: 96E97B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F711103FB47h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96E97B second address: 96E97F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96E675 second address: 96E679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96FEE2 second address: 96FEE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96FEE8 second address: 96FF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F711103FB43h 0x0000000d jnc 00007F711103FB36h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96FF09 second address: 96FF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F71106F0272h 0x0000000c popad 0x0000000d pushad 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 96FF26 second address: 96FF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB3Ah 0x00000009 pop edi 0x0000000a jmp 00007F711103FB41h 0x0000000f push eax 0x00000010 jmp 00007F711103FB3Fh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97538E second address: 975392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 975392 second address: 975398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 975AC0 second address: 975AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 975AC6 second address: 975ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 926067 second address: 92607F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jo 00007F71106F0266h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9262A5 second address: 9262C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F711103FB44h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97985F second address: 979864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 979864 second address: 979869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97CA32 second address: 97CA3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97CA3B second address: 97CA45 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F711103FB36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97CD11 second address: 97CD1E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97CD1E second address: 97CD22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97CD22 second address: 97CD2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97D02E second address: 97D04E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F711103FB48h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97D1A9 second address: 97D1B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97D1B1 second address: 97D1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F711103FB45h 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F711103FB36h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 97D1D7 second address: 97D1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 985ABB second address: 985AC5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 983C42 second address: 983C46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 983C46 second address: 983C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F711103FB36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007F711103FB3Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984068 second address: 984079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F71106F0266h 0x0000000a js 00007F71106F0266h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984079 second address: 984096 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F711103FB47h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984096 second address: 98409A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98409A second address: 9840A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9848C2 second address: 984900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F71106F0273h 0x0000000b jmp 00007F71106F026Bh 0x00000010 pushad 0x00000011 jnl 00007F71106F0266h 0x00000017 jmp 00007F71106F0271h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984F5D second address: 984F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F711103FB45h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984F7F second address: 984F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984F83 second address: 984F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 984F87 second address: 984F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98522A second address: 98522E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98522E second address: 985234 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 985234 second address: 985239 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 985239 second address: 98523F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 985510 second address: 98552A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F711103FB3Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98552A second address: 985530 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9897E3 second address: 9897F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB3Bh 0x00000009 jno 00007F711103FB36h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9897F9 second address: 989811 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F71106F0272h 0x00000008 jmp 00007F71106F026Ah 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989811 second address: 98981B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F711103FB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989D64 second address: 989D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F71106F0266h 0x0000000a jnl 00007F71106F0266h 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F71106F0273h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989D8E second address: 989D93 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989D93 second address: 989DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F71106F0266h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989DA0 second address: 989DAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB3Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989F25 second address: 989F29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989F29 second address: 989F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F711103FB3Eh 0x0000000c push edx 0x0000000d jmp 00007F711103FB44h 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop edx 0x00000015 popad 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 989F5B second address: 989F5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98A228 second address: 98A22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98A22C second address: 98A235 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98A235 second address: 98A24E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pushad 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a ja 00007F711103FB36h 0x00000010 pop edi 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98A24E second address: 98A252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 98A252 second address: 98A256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 996AD3 second address: 996B1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0271h 0x00000007 pushad 0x00000008 jmp 00007F71106F0275h 0x0000000d jmp 00007F71106F026Dh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F71106F026Dh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 994EEE second address: 994EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 995166 second address: 995184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0271h 0x00000009 pushad 0x0000000a popad 0x0000000b jng 00007F71106F0266h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9952F2 second address: 9952F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9954AA second address: 9954C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F71106F0266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F71106F026Eh 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9954C0 second address: 9954C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9954C4 second address: 9954CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9954CA second address: 9954D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9954D0 second address: 9954D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 995925 second address: 995929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 995929 second address: 99592D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99592D second address: 995933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 995933 second address: 99593C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99593C second address: 99594D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F711103FB36h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9962C6 second address: 9962CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9962CA second address: 9962D4 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F711103FB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 996948 second address: 99697C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F0276h 0x00000007 jmp 00007F71106F026Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 jg 00007F71106F0266h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99697C second address: 99699B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99699B second address: 9969AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F71106F0266h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99F3C3 second address: 99F3DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F711103FB44h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99F518 second address: 99F545 instructions: 0x00000000 rdtsc 0x00000002 js 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d jo 00007F71106F0266h 0x00000013 pop ebx 0x00000014 jmp 00007F71106F0274h 0x00000019 popad 0x0000001a push ecx 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A30AA second address: 9A30B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A30B0 second address: 9A30C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F71106F026Ch 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A30C5 second address: 9A30D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F711103FB36h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A30D7 second address: 9A30FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F71106F026Bh 0x0000000b popad 0x0000000c push ebx 0x0000000d jl 00007F71106F0266h 0x00000013 pop ebx 0x00000014 popad 0x00000015 jc 00007F71106F028Ah 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AA910 second address: 9AA948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F711103FB36h 0x0000000a popad 0x0000000b jno 00007F711103FB5Ah 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AA948 second address: 9AA94E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AA7A9 second address: 9AA7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AA7AF second address: 9AA7B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AA7B5 second address: 9AA7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F711103FB36h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9B7C66 second address: 9B7C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F0274h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9B7C7E second address: 9B7CAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB47h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F711103FB3Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9B7DF3 second address: 9B7DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9B7DF9 second address: 9B7DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9B7DFD second address: 9B7E0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F71106F026Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9BCC02 second address: 9BCC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F711103FB40h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C44BA second address: 9C44D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jp 00007F71106F0266h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007F71106F0268h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C44D4 second address: 9C44DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C44DA second address: 9C44DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9C92A1 second address: 9C92AB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F711103FB50h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CEC54 second address: 9CEC5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CEC5C second address: 9CEC67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CD7F8 second address: 9CD7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDA9E second address: 9CDAC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F711103FB40h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F711103FB40h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDAC8 second address: 9CDAD2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDC55 second address: 9CDC5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDC5A second address: 9CDCA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jl 00007F71106F0266h 0x0000000e jmp 00007F71106F0275h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jmp 00007F71106F026Eh 0x00000020 jmp 00007F71106F026Dh 0x00000025 jne 00007F71106F0266h 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDCA9 second address: 9CDCCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F711103FB47h 0x00000007 pushad 0x00000008 js 00007F711103FB36h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDFCB second address: 9CDFE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F026Ch 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F71106F026Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D1693 second address: 9D16B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F711103FB3Eh 0x0000000a jno 00007F711103FB36h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D16B1 second address: 9D16B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D13B9 second address: 9D13CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F711103FB3Eh 0x0000000c jnl 00007F711103FB36h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E4086 second address: 9E40B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F71106F026Bh 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e jmp 00007F71106F0273h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 push edx 0x00000017 pop edx 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0AA62 second address: A0AA68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09A24 second address: A09A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09A28 second address: A09A37 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnc 00007F711103FB36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09A37 second address: A09A46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jg 00007F71106F0266h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09B6D second address: A09B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09B71 second address: A09B7D instructions: 0x00000000 rdtsc 0x00000002 jp 00007F71106F0266h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09B7D second address: A09B88 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F711103FB36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09B88 second address: A09B8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A09B8E second address: A09BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F711103FB36h 0x0000000a popad 0x0000000b jnp 00007F711103FB38h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ebx 0x00000014 push edi 0x00000015 jmp 00007F711103FB3Bh 0x0000001a pushad 0x0000001b popad 0x0000001c pop edi 0x0000001d pushad 0x0000001e push edi 0x0000001f pop edi 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0A237 second address: A0A247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F71106F026Bh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0A657 second address: A0A669 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F711103FB3Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0C025 second address: A0C029 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10049 second address: A10053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F711103FB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10053 second address: A10057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1050A second address: A1050E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1050E second address: A10519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10519 second address: A1056C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F711103FB38h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 or edx, dword ptr [ebp+122D2C08h] 0x00000029 push dword ptr [ebp+122D185Dh] 0x0000002f jmp 00007F711103FB3Ch 0x00000034 call 00007F711103FB39h 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1056C second address: A10572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10572 second address: A10577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10577 second address: A10585 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10585 second address: A1058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1058C second address: A10596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F71106F0266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A10596 second address: A105B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F711103FB3Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A105B1 second address: A105BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F71106F0266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A11E13 second address: A11E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A11E19 second address: A11E23 instructions: 0x00000000 rdtsc 0x00000002 js 00007F71106F0266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52E0D57 second address: 52E0DF5 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 test ecx, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F711103FB3Eh 0x00000011 add ax, 5698h 0x00000016 jmp 00007F711103FB3Bh 0x0000001b popfd 0x0000001c mov bl, ch 0x0000001e popad 0x0000001f jns 00007F711103FB69h 0x00000025 jmp 00007F711103FB3Bh 0x0000002a add eax, ecx 0x0000002c pushad 0x0000002d mov si, B05Bh 0x00000031 pushfd 0x00000032 jmp 00007F711103FB40h 0x00000037 and cl, 00000028h 0x0000003a jmp 00007F711103FB3Bh 0x0000003f popfd 0x00000040 popad 0x00000041 mov eax, dword ptr [eax+00000860h] 0x00000047 jmp 00007F711103FB46h 0x0000004c test eax, eax 0x0000004e jmp 00007F711103FB40h 0x00000053 je 00007F71817D5AA9h 0x00000059 pushad 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 920562 second address: 920566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 763AC0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 916521 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7615C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 92554D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 9A5C10 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe TID: 2668 Thread sleep time: -60000s >= -30000s
Source: file.exe, file.exe, 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2100133693.00000000012EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWxl6
Source: file.exe, 00000000.00000003.2081775776.0000000001361000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2072046452.0000000001362000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100332469.0000000001365000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2081942146.0000000001364000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00745BB0 LdrInitializeThunk, 0_2_00745BB0

HIPS / PFW / Operating System Protection Evasion

Source: file.exe String found in binary or memory: clearancek.site
Source: file.exe String found in binary or memory: licendfilteo.site
Source: file.exe String found in binary or memory: spirittunek.stor
Source: file.exe String found in binary or memory: bathdoomgaz.stor
Source: file.exe String found in binary or memory: studennotediw.stor
Source: file.exe String found in binary or memory: dissapoiznw.stor
Source: file.exe String found in binary or memory: eaglepawnoy.stor
Source: file.exe String found in binary or memory: mobbipenju.stor
Source: file.exe, 00000000.00000002.2099625368.00000000008F8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: file.exe Binary or memory string: . Program Manager
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR